4b29989e2f0146d8f18bc647a75b0fd7f881882934c538404fb8dc921dbb64fb

Analysis

max time kernel
29s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ba5f737266142034a25bba3c96b39a0N.exe
Size

186KB
MD5

1ba5f737266142034a25bba3c96b39a0
SHA1

999cadd34c96791774ed1c8d602ca93c6867ba9a
SHA256

4b29989e2f0146d8f18bc647a75b0fd7f881882934c538404fb8dc921dbb64fb
SHA512

36764a5f70cc53b8c4e42d9f700bb7b928d03e731758dab2684e083f0040dd466f1b16720d1a6030cada32577a1d8e304f533667f9c641c772be609fcb8f6eae
SSDEEP

3072:wvs4dDXEGCLElS1Tj4mYWR/R4nkPR/1aVuy30/kQT62OiZzFu47Fupr3DPUv4i:sPDLCL9Io5R4nM/40yE/cpiZxr7FupbA

Score

7^/10

discovery persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2460-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/files/0x00070000000175e4-5.dat	upx
behavioral1/memory/2460-61-0x0000000005470000-0x000000000548C000-memory.dmp	upx
behavioral1/memory/2460-90-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2692-91-0x0000000004CD0000-0x0000000004CEC000-memory.dmp	upx
behavioral1/memory/1608-93-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2880-94-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2676-96-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2004-99-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2932-100-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1780-104-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1448-107-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1584-108-0x0000000005050000-0x000000000506C000-memory.dmp	upx
behavioral1/memory/1028-110-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2288-113-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1448-115-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/976-114-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2584-116-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1676-119-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2288-120-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2284-122-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3040-126-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3208-129-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2676-131-0x0000000004B00000-0x0000000004B1C000-memory.dmp	upx
behavioral1/memory/3228-132-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3248-133-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3304-136-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3208-135-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3248-139-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3304-141-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3316-145-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1780-146-0x0000000004AB0000-0x0000000004ACC000-memory.dmp	upx
behavioral1/memory/3348-147-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3376-148-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2116-149-0x0000000004DD0000-0x0000000004DEC000-memory.dmp	upx
behavioral1/memory/2980-151-0x0000000004AB0000-0x0000000004ACC000-memory.dmp	upx
behavioral1/memory/3452-150-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1780-152-0x0000000004AB0000-0x0000000004ACC000-memory.dmp	upx
behavioral1/memory/1448-153-0x0000000005050000-0x000000000506C000-memory.dmp	upx
behavioral1/memory/1836-154-0x0000000000860000-0x000000000087C000-memory.dmp	upx
behavioral1/memory/3840-155-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3852-156-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3872-157-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1608-158-0x0000000004E30000-0x0000000004E4C000-memory.dmp	upx
behavioral1/memory/1728-159-0x0000000004F20000-0x0000000004F3C000-memory.dmp	upx
behavioral1/memory/3892-161-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3732-160-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1448-162-0x0000000005050000-0x000000000506C000-memory.dmp	upx
behavioral1/memory/3916-164-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1836-163-0x0000000000860000-0x000000000087C000-memory.dmp	upx
behavioral1/memory/3840-165-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3852-166-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/976-167-0x0000000001FB0000-0x0000000001FCC000-memory.dmp	upx
behavioral1/memory/3872-168-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3948-170-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1608-169-0x0000000004E30000-0x0000000004E4C000-memory.dmp	upx
behavioral1/memory/1728-171-0x0000000004F20000-0x0000000004F3C000-memory.dmp	upx
behavioral1/memory/3892-172-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3916-173-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/4040-174-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3948-175-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/4040-177-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3928-179-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/4388-186-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	1ba5f737266142034a25bba3c96b39a0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\Y:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\Z:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\B:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\G:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\J:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\L:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\Q:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\E:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\H:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\R:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\K:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\M:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\S:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\T:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\U:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\V:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\X:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\A:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\I:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\N:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\O:	1ba5f737266142034a25bba3c96b39a0N.exe
File opened (read-only)	\??\P:	1ba5f737266142034a25bba3c96b39a0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\indian lingerie fetish masturbation mature .zip.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese lingerie public .mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\System32\DriverStore\Temp\asian beast [milf] .avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\malaysia xxx gay [milf] boots (Gina,Karin).rar.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\animal fetish voyeur wifey .avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\SysWOW64\IME\shared\black sperm voyeur beautyfull (Jade,Anniston).zip.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\SysWOW64\IME\shared\animal cumshot public (Sonja).avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\gay cumshot [milf] (Janette,Sandy).zip.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\nude sperm [milf] (Sonja).avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian beastiality public glans circumcision .avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\italian fucking girls granny .rar.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\beastiality bukkake public young (Anniston,Sonja).zip.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\spanish handjob several models (Janette).mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\tyrkish horse gang bang sleeping nipples femdom (Kathrin,Jade).mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\gang bang [bangbus] mistress .rar.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Program Files (x86)\Google\Temp\black blowjob animal [free] cock (Sylvia).mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\russian xxx public shoes (Melissa).mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\xxx big cock bedroom .zip.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\malaysia beastiality [free] .rar.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Program Files\DVD Maker\Shared\chinese animal several models feet redhair .zip.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Program Files\Windows Journal\Templates\japanese nude horse uncut granny (Kathrin).mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\fetish lingerie [free] (Janette,Sonja).mpg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\tyrkish blowjob voyeur circumcision (Ashley,Liz).mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\brasilian xxx [bangbus] bondage .avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\brasilian beast girls .mpg.exe	1ba5f737266142034a25bba3c96b39a0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\asian bukkake handjob sleeping .mpg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\animal blowjob voyeur .rar.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\american beastiality fucking voyeur hole (Sandy).avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\nude full movie vagina hairy .mpg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\german xxx kicking licking swallow .avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\chinese porn catfight ejaculation .mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\swedish action horse [bangbus] hole bedroom .mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\danish beastiality public ejaculation .mpg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\japanese horse fetish public girly .avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\gay nude masturbation (Jade).mpg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\danish cum uncut ash ìï (Curtney,Liz).zip.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\assembly\temp\french hardcore voyeur legs wifey .avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\indian fetish fetish hot (!) (Tatjana).avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\fetish action sleeping ash (Janette).mpg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\porn porn masturbation feet (Jade,Curtney).mpg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\malaysia beastiality public (Jade,Jade).rar.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\chinese cumshot full movie ash sweet (Britney,Jade).avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\russian action [free] fishy .zip.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\brasilian animal uncut hole 50+ .zip.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\norwegian lingerie lingerie girls castration .mpg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\beast several models gorgeoushorny .avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\tyrkish blowjob action several models glans (Ashley,Britney).avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black beast nude sleeping legs gorgeoushorny (Jade,Jenna).rar.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\blowjob uncut (Sonja).mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\cum sleeping .mpg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\chinese animal catfight hole shower .mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\fucking big (Sonja,Anniston).mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\asian animal cum [milf] (Karin).mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\gay sperm hidden .mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\malaysia fucking voyeur 50+ (Melissa).mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\african lingerie uncut legs .rar.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\spanish cum nude full movie stockings (Liz,Samantha).rar.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\black beastiality horse girls .mpg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\nude public balls (Gina).mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\norwegian sperm gay hidden .mpg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\asian animal xxx sleeping titts high heels .rar.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\kicking hidden mistress .mpg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\french cum fucking [free] (Sylvia).avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\malaysia blowjob girls .zip.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\african sperm porn big ìï .avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\italian fucking big beautyfull .rar.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\french cumshot trambling catfight beautyfull .mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\cum big hole traffic .mpg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\fetish cum [bangbus] young .zip.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\african bukkake blowjob masturbation glans high heels .zip.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\norwegian handjob porn [milf] .rar.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\cumshot nude licking leather .rar.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian animal catfight cock .zip.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\blowjob voyeur .mpg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\german blowjob voyeur blondie .avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\bukkake catfight vagina .zip.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\bukkake several models leather .avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\xxx big titts boots (Jenna,Sonja).rar.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\french xxx beast several models cock YEâPSè& .mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse public traffic (Jenna).avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\SoftwareDistribution\Download\indian fucking bukkake [milf] .avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\japanese xxx blowjob [bangbus] .mpg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\spanish fucking several models .avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\african handjob gang bang hidden (Melissa).rar.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\black animal action [bangbus] boobs (Sylvia,Jade).mpeg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\bukkake sperm [bangbus] traffic (Anniston).avi.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\british trambling masturbation nipples lady .zip.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\fucking blowjob several models .mpg.exe	1ba5f737266142034a25bba3c96b39a0N.exe
File created	C:\Windows\mssrv.exe	1ba5f737266142034a25bba3c96b39a0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1ba5f737266142034a25bba3c96b39a0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2460	1ba5f737266142034a25bba3c96b39a0N.exe
2880	1ba5f737266142034a25bba3c96b39a0N.exe
2460	1ba5f737266142034a25bba3c96b39a0N.exe
2692	1ba5f737266142034a25bba3c96b39a0N.exe
332	1ba5f737266142034a25bba3c96b39a0N.exe
2880	1ba5f737266142034a25bba3c96b39a0N.exe
2460	1ba5f737266142034a25bba3c96b39a0N.exe
1608	1ba5f737266142034a25bba3c96b39a0N.exe
1584	1ba5f737266142034a25bba3c96b39a0N.exe
2676	1ba5f737266142034a25bba3c96b39a0N.exe
1724	1ba5f737266142034a25bba3c96b39a0N.exe
2692	1ba5f737266142034a25bba3c96b39a0N.exe
2880	1ba5f737266142034a25bba3c96b39a0N.exe
332	1ba5f737266142034a25bba3c96b39a0N.exe
2460	1ba5f737266142034a25bba3c96b39a0N.exe
852	1ba5f737266142034a25bba3c96b39a0N.exe
1728	1ba5f737266142034a25bba3c96b39a0N.exe
1608	1ba5f737266142034a25bba3c96b39a0N.exe
2004	1ba5f737266142034a25bba3c96b39a0N.exe
316	1ba5f737266142034a25bba3c96b39a0N.exe
1584	1ba5f737266142034a25bba3c96b39a0N.exe
1952	1ba5f737266142034a25bba3c96b39a0N.exe
2692	1ba5f737266142034a25bba3c96b39a0N.exe
2880	1ba5f737266142034a25bba3c96b39a0N.exe
1724	1ba5f737266142034a25bba3c96b39a0N.exe
332	1ba5f737266142034a25bba3c96b39a0N.exe
2932	1ba5f737266142034a25bba3c96b39a0N.exe
2704	1ba5f737266142034a25bba3c96b39a0N.exe
2112	1ba5f737266142034a25bba3c96b39a0N.exe
2676	1ba5f737266142034a25bba3c96b39a0N.exe
2460	1ba5f737266142034a25bba3c96b39a0N.exe
1780	1ba5f737266142034a25bba3c96b39a0N.exe
852	1ba5f737266142034a25bba3c96b39a0N.exe
2980	1ba5f737266142034a25bba3c96b39a0N.exe
1836	1ba5f737266142034a25bba3c96b39a0N.exe
976	1ba5f737266142034a25bba3c96b39a0N.exe
1448	1ba5f737266142034a25bba3c96b39a0N.exe
1608	1ba5f737266142034a25bba3c96b39a0N.exe
1728	1ba5f737266142034a25bba3c96b39a0N.exe
1728	1ba5f737266142034a25bba3c96b39a0N.exe
2004	1ba5f737266142034a25bba3c96b39a0N.exe
2004	1ba5f737266142034a25bba3c96b39a0N.exe
1944	1ba5f737266142034a25bba3c96b39a0N.exe
1944	1ba5f737266142034a25bba3c96b39a0N.exe
1028	1ba5f737266142034a25bba3c96b39a0N.exe
1028	1ba5f737266142034a25bba3c96b39a0N.exe
316	1ba5f737266142034a25bba3c96b39a0N.exe
316	1ba5f737266142034a25bba3c96b39a0N.exe
2288	1ba5f737266142034a25bba3c96b39a0N.exe
2288	1ba5f737266142034a25bba3c96b39a0N.exe
1584	1ba5f737266142034a25bba3c96b39a0N.exe
1584	1ba5f737266142034a25bba3c96b39a0N.exe
1720	1ba5f737266142034a25bba3c96b39a0N.exe
1720	1ba5f737266142034a25bba3c96b39a0N.exe
1756	1ba5f737266142034a25bba3c96b39a0N.exe
1756	1ba5f737266142034a25bba3c96b39a0N.exe
2204	1ba5f737266142034a25bba3c96b39a0N.exe
2204	1ba5f737266142034a25bba3c96b39a0N.exe
2880	1ba5f737266142034a25bba3c96b39a0N.exe
2880	1ba5f737266142034a25bba3c96b39a0N.exe
2692	1ba5f737266142034a25bba3c96b39a0N.exe
2692	1ba5f737266142034a25bba3c96b39a0N.exe
2880	1ba5f737266142034a25bba3c96b39a0N.exe
332	1ba5f737266142034a25bba3c96b39a0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2880	2460	1ba5f737266142034a25bba3c96b39a0N.exe	30
PID 2460 wrote to memory of 2880	2460	1ba5f737266142034a25bba3c96b39a0N.exe	30
PID 2460 wrote to memory of 2880	2460	1ba5f737266142034a25bba3c96b39a0N.exe	30
PID 2460 wrote to memory of 2880	2460	1ba5f737266142034a25bba3c96b39a0N.exe	30
PID 2880 wrote to memory of 2692	2880	1ba5f737266142034a25bba3c96b39a0N.exe	31
PID 2880 wrote to memory of 2692	2880	1ba5f737266142034a25bba3c96b39a0N.exe	31
PID 2880 wrote to memory of 2692	2880	1ba5f737266142034a25bba3c96b39a0N.exe	31
PID 2880 wrote to memory of 2692	2880	1ba5f737266142034a25bba3c96b39a0N.exe	31
PID 2460 wrote to memory of 332	2460	1ba5f737266142034a25bba3c96b39a0N.exe	32
PID 2460 wrote to memory of 332	2460	1ba5f737266142034a25bba3c96b39a0N.exe	32
PID 2460 wrote to memory of 332	2460	1ba5f737266142034a25bba3c96b39a0N.exe	32
PID 2460 wrote to memory of 332	2460	1ba5f737266142034a25bba3c96b39a0N.exe	32
PID 2692 wrote to memory of 1608	2692	1ba5f737266142034a25bba3c96b39a0N.exe	33
PID 2692 wrote to memory of 1608	2692	1ba5f737266142034a25bba3c96b39a0N.exe	33
PID 2692 wrote to memory of 1608	2692	1ba5f737266142034a25bba3c96b39a0N.exe	33
PID 2692 wrote to memory of 1608	2692	1ba5f737266142034a25bba3c96b39a0N.exe	33
PID 2880 wrote to memory of 1584	2880	1ba5f737266142034a25bba3c96b39a0N.exe	34
PID 2880 wrote to memory of 1584	2880	1ba5f737266142034a25bba3c96b39a0N.exe	34
PID 2880 wrote to memory of 1584	2880	1ba5f737266142034a25bba3c96b39a0N.exe	34
PID 2880 wrote to memory of 1584	2880	1ba5f737266142034a25bba3c96b39a0N.exe	34
PID 332 wrote to memory of 2676	332	1ba5f737266142034a25bba3c96b39a0N.exe	35
PID 332 wrote to memory of 2676	332	1ba5f737266142034a25bba3c96b39a0N.exe	35
PID 332 wrote to memory of 2676	332	1ba5f737266142034a25bba3c96b39a0N.exe	35
PID 332 wrote to memory of 2676	332	1ba5f737266142034a25bba3c96b39a0N.exe	35
PID 2460 wrote to memory of 1724	2460	1ba5f737266142034a25bba3c96b39a0N.exe	36
PID 2460 wrote to memory of 1724	2460	1ba5f737266142034a25bba3c96b39a0N.exe	36
PID 2460 wrote to memory of 1724	2460	1ba5f737266142034a25bba3c96b39a0N.exe	36
PID 2460 wrote to memory of 1724	2460	1ba5f737266142034a25bba3c96b39a0N.exe	36
PID 1608 wrote to memory of 852	1608	1ba5f737266142034a25bba3c96b39a0N.exe	38
PID 1608 wrote to memory of 852	1608	1ba5f737266142034a25bba3c96b39a0N.exe	38
PID 1608 wrote to memory of 852	1608	1ba5f737266142034a25bba3c96b39a0N.exe	38
PID 1608 wrote to memory of 852	1608	1ba5f737266142034a25bba3c96b39a0N.exe	38
PID 1584 wrote to memory of 1728	1584	1ba5f737266142034a25bba3c96b39a0N.exe	39
PID 1584 wrote to memory of 1728	1584	1ba5f737266142034a25bba3c96b39a0N.exe	39
PID 1584 wrote to memory of 1728	1584	1ba5f737266142034a25bba3c96b39a0N.exe	39
PID 1584 wrote to memory of 1728	1584	1ba5f737266142034a25bba3c96b39a0N.exe	39
PID 2692 wrote to memory of 316	2692	1ba5f737266142034a25bba3c96b39a0N.exe	41
PID 2692 wrote to memory of 316	2692	1ba5f737266142034a25bba3c96b39a0N.exe	41
PID 2692 wrote to memory of 316	2692	1ba5f737266142034a25bba3c96b39a0N.exe	41
PID 2692 wrote to memory of 316	2692	1ba5f737266142034a25bba3c96b39a0N.exe	41
PID 1724 wrote to memory of 2004	1724	1ba5f737266142034a25bba3c96b39a0N.exe	42
PID 1724 wrote to memory of 2004	1724	1ba5f737266142034a25bba3c96b39a0N.exe	42
PID 1724 wrote to memory of 2004	1724	1ba5f737266142034a25bba3c96b39a0N.exe	42
PID 1724 wrote to memory of 2004	1724	1ba5f737266142034a25bba3c96b39a0N.exe	42
PID 2676 wrote to memory of 1952	2676	1ba5f737266142034a25bba3c96b39a0N.exe	40
PID 2676 wrote to memory of 1952	2676	1ba5f737266142034a25bba3c96b39a0N.exe	40
PID 2676 wrote to memory of 1952	2676	1ba5f737266142034a25bba3c96b39a0N.exe	40
PID 2676 wrote to memory of 1952	2676	1ba5f737266142034a25bba3c96b39a0N.exe	40
PID 2880 wrote to memory of 2932	2880	1ba5f737266142034a25bba3c96b39a0N.exe	43
PID 2880 wrote to memory of 2932	2880	1ba5f737266142034a25bba3c96b39a0N.exe	43
PID 2880 wrote to memory of 2932	2880	1ba5f737266142034a25bba3c96b39a0N.exe	43
PID 2880 wrote to memory of 2932	2880	1ba5f737266142034a25bba3c96b39a0N.exe	43
PID 332 wrote to memory of 2704	332	1ba5f737266142034a25bba3c96b39a0N.exe	44
PID 332 wrote to memory of 2704	332	1ba5f737266142034a25bba3c96b39a0N.exe	44
PID 332 wrote to memory of 2704	332	1ba5f737266142034a25bba3c96b39a0N.exe	44
PID 332 wrote to memory of 2704	332	1ba5f737266142034a25bba3c96b39a0N.exe	44
PID 2460 wrote to memory of 2112	2460	1ba5f737266142034a25bba3c96b39a0N.exe	45
PID 2460 wrote to memory of 2112	2460	1ba5f737266142034a25bba3c96b39a0N.exe	45
PID 2460 wrote to memory of 2112	2460	1ba5f737266142034a25bba3c96b39a0N.exe	45
PID 2460 wrote to memory of 2112	2460	1ba5f737266142034a25bba3c96b39a0N.exe	45
PID 852 wrote to memory of 1780	852	1ba5f737266142034a25bba3c96b39a0N.exe	46
PID 852 wrote to memory of 1780	852	1ba5f737266142034a25bba3c96b39a0N.exe	46
PID 852 wrote to memory of 1780	852	1ba5f737266142034a25bba3c96b39a0N.exe	46
PID 852 wrote to memory of 1780	852	1ba5f737266142034a25bba3c96b39a0N.exe	46

C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
"C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        10⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        11⤵
        
        PID:23076
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        10⤵
        
        PID:21892
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        10⤵
        
        PID:21220
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        10⤵
        
        PID:23328
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:22596
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        10⤵
        
        PID:21684
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:21852
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        10⤵
        
        PID:22684
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:22620
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22236
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        10⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:20896
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:21036
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:22500
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22316
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:20380
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22724
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22044
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        10⤵
        
        PID:22564
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:22804
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:22292
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:21092
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:22428
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:20560
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:22980
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:21620
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21028
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:22468
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:21396
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:20456
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:23504
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21740
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22588
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23304
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22004
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        10⤵
        
        PID:22944
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:21652
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:22348
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:22556
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:21804
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:20952
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:23220
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21572
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:23368
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22228
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22740
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21660
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:23020
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21788
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21556
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:9800
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20912
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:20332
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:23188
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:20872
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:21204
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21996
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22212
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:23084
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22260
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23156
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21020
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22636
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21292
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10948
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22836
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20888
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:20616
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:23352
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22164
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:20812
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:20824
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21008
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:23068
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:21828
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22708
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21116
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:23004
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22020
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21428
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22960
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22364
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:20592
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22140
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:23424
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21940
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21844
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21980
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22544
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23448
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20424
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21724
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20944
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:20992
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22748
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:20864
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22412
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21420
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21228
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:23528
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21916
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22508
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21644
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21516
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21052
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21076
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23100
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22052
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23092
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21988
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23284
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:22628
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23172
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22116
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21412
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22692
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20936
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:10328
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20740
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:21044
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        10⤵
        
        PID:22764
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:20856
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:20652
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:20496
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:23108
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:21500
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:20960
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:23052
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21364
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:22572
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:21796
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:20724
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21372
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22820
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21492
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21100
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22868
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22356
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:23164
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:21668
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22996
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21532
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:23012
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21964
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21540
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21252
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21956
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22452
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22108
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21276
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21676
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22908
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20920
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22404
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22988
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22340
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22668
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22812
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23440
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22076
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22756
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22772
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:20880
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23044
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22148
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20968
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20772
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:20984
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22492
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21772
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23260
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23124
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21924
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23296
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:22132
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10632
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20636
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21636
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21436
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:20488
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:21716
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21244
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:20000
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23336
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22204
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21484
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22436
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22092
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23496
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21324
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23212
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20976
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23456
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21380
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20536
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22928
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20804
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:8752
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22276
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20764
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:11748
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21900
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:10812
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20464
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:20700
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21692
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21332
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22284
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21508
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22156
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23432
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21172
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21932
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20416
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21476
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23392
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:22188
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:7924
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:8788
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20716
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21836
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:22892
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:21404
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20340
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:23464
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:22268
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:8116
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:21868
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:9080
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:22644
- C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:332
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:22460
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:21468
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22900
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22444
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21764
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:20364
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:23028
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:20732
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:23116
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22828
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23480
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21000
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:23204
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21748
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20644
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23360
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21124
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:9828
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22612
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23384
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:22084
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22676
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21460
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21132
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22580
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22324
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21700
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23488
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:20848
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21628
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21948
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22860
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22036
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20624
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23060
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21708
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20568
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21268
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10576
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23148
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21612
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21140
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:21212
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22780
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21884
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22388
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22172
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:19788
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22220
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23180
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21972
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:22604
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23228
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20708
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20600
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23408
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21348
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22660
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21356
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:9984
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10320
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:9356
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20748
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:6384
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21084
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22916
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21340
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23512
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21068
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23236
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21444
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23268
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20440
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23520
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20820
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:22796
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21300
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:20512
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21308
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21148
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23276
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:22196
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:10920
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:23036
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:6356
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20504
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:22884
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:21812
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20676
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:21596
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:10304
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:21156
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:22068
- C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1724
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        9⤵
        
        PID:23196
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:21732
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:20756
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22952
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:21860
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:23400
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21188
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        8⤵
        
        PID:22716
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22028
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22476
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21180
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22380
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20840
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23244
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21060
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:20528
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22936
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21316
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22972
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21908
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22524
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21580
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21876
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23376
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20684
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:22012
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:22420
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:22252
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20904
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22484
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22180
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10844
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22536
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21756
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22332
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10932
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22732
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20544
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20448
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21236
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:20372
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:628
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:20660
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6896
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21780
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:22852
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:22788
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10468
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21388
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20928
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:22876
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:21452
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:23252
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:21604
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:10168
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:22516
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:22124
- C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2112
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        7⤵
        
        PID:22308
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21108
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:11336
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23320
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21820
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:21524
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21164
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:19340
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:22700
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:20788
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:22844
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20692
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:6680
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21196
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:22300
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20520
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:10960
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:9820
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:22060
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10032
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:22100
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:23536
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:20780
- C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1936
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        6⤵
        
        PID:23416
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:22244
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:23472
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:21588
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:20352
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:11516
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:23312
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:21260
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:10396
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:9636
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:22372
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:11104
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:8048
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:20796
- C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3332
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:10388
    - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
        5⤵
        
        PID:21284
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:22652
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:7444
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:20216
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:11136
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:23544
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:21564
- C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4520
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:20432
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:12512
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:9100
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:8924
- C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
  2⤵
  PID:6620
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:10428
  - - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
      4⤵
      PID:23344
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:20832
- C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
  2⤵
  PID:10764
- - C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
    3⤵
    PID:22396
- C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1ba5f737266142034a25bba3c96b39a0N.exe"
  2⤵
  PID:20552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\fetish lingerie [free] (Janette,Sonja).mpg.exe

Filesize
2.1MB

MD5
5dcee188f3432f0059dd03435eb4bb94

SHA1
89ed50cd76dcca3444a42a3f2bea71b3d4c99d28

SHA256
c5bb7814ccebb51b5b8a522139eee8b0b9c8796eee9f5fb9506dda36e53225a5

SHA512
ad36d428f653ac5c4b7a227d79cf0830285cc30ed5ee57218429c5ff0c4c8e045344ab4fc7b3e95b4f831b650bb47096103135ea5e24420865938e7823e0f1ca

Download Submit
C:\debug.txt

Filesize
183B

MD5
5a5b7569c9c454414f5de6db289d2976

SHA1
aa5eff5cf1a2b36aff3b973d0b620518b1f8578e

SHA256
53c2b65739beece8db499e55ccd1477a7591642992055a33c1c1872613ba422a

SHA512
6bad1acf78a95842a4dab75829b4e97c78bcb1064a9d69aa2bb9908c13a94814c027e68377e30565cc6dab5f40cbe9ab74e7839b7a4da0b00e9032b476b9aa7b

Download Submit
memory/332-111-0x0000000005060000-0x000000000507C000-memory.dmp

Filesize
112KB

Download
memory/332-127-0x0000000005060000-0x000000000507C000-memory.dmp

Filesize
112KB

Download
memory/332-118-0x0000000005060000-0x000000000507C000-memory.dmp

Filesize
112KB

Download
memory/852-103-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/976-114-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/976-167-0x0000000001FB0000-0x0000000001FCC000-memory.dmp

Filesize
112KB

Download
memory/1028-110-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1448-115-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1448-162-0x0000000005050000-0x000000000506C000-memory.dmp

Filesize
112KB

Download
memory/1448-153-0x0000000005050000-0x000000000506C000-memory.dmp

Filesize
112KB

Download
memory/1448-107-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1584-108-0x0000000005050000-0x000000000506C000-memory.dmp

Filesize
112KB

Download
memory/1608-93-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1608-158-0x0000000004E30000-0x0000000004E4C000-memory.dmp

Filesize
112KB

Download
memory/1608-169-0x0000000004E30000-0x0000000004E4C000-memory.dmp

Filesize
112KB

Download
memory/1608-105-0x0000000004E20000-0x0000000004E3C000-memory.dmp

Filesize
112KB

Download
memory/1608-109-0x0000000004E20000-0x0000000004E3C000-memory.dmp

Filesize
112KB

Download
memory/1676-119-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1676-130-0x0000000004DD0000-0x0000000004DEC000-memory.dmp

Filesize
112KB

Download
memory/1676-138-0x0000000004DD0000-0x0000000004DEC000-memory.dmp

Filesize
112KB

Download
memory/1728-159-0x0000000004F20000-0x0000000004F3C000-memory.dmp

Filesize
112KB

Download
memory/1728-171-0x0000000004F20000-0x0000000004F3C000-memory.dmp

Filesize
112KB

Download
memory/1780-152-0x0000000004AB0000-0x0000000004ACC000-memory.dmp

Filesize
112KB

Download
memory/1780-146-0x0000000004AB0000-0x0000000004ACC000-memory.dmp

Filesize
112KB

Download
memory/1780-104-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1836-154-0x0000000000860000-0x000000000087C000-memory.dmp

Filesize
112KB

Download
memory/1836-163-0x0000000000860000-0x000000000087C000-memory.dmp

Filesize
112KB

Download
memory/1936-137-0x00000000045C0000-0x00000000045DC000-memory.dmp

Filesize
112KB

Download
memory/1936-142-0x00000000045C0000-0x00000000045DC000-memory.dmp

Filesize
112KB

Download
memory/1936-189-0x00000000045D0000-0x00000000045EC000-memory.dmp

Filesize
112KB

Download
memory/1952-128-0x0000000004550000-0x000000000456C000-memory.dmp

Filesize
112KB

Download
memory/2004-112-0x0000000004A90000-0x0000000004AAC000-memory.dmp

Filesize
112KB

Download
memory/2004-99-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2004-106-0x0000000004A90000-0x0000000004AAC000-memory.dmp

Filesize
112KB

Download
memory/2112-124-0x0000000004DD0000-0x0000000004DEC000-memory.dmp

Filesize
112KB

Download
memory/2116-149-0x0000000004DD0000-0x0000000004DEC000-memory.dmp

Filesize
112KB

Download
memory/2284-122-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2288-120-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2288-113-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2288-176-0x0000000004F20000-0x0000000004F3C000-memory.dmp

Filesize
112KB

Download
memory/2460-92-0x0000000005470000-0x000000000548C000-memory.dmp

Filesize
112KB

Download
memory/2460-90-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2460-89-0x0000000005C80000-0x0000000005C9C000-memory.dmp

Filesize
112KB

Download
memory/2460-190-0x0000000005FC0000-0x0000000005FDC000-memory.dmp

Filesize
112KB

Download
memory/2460-134-0x0000000005FC0000-0x0000000005FDC000-memory.dmp

Filesize
112KB

Download
memory/2460-101-0x0000000005FC0000-0x0000000005FDC000-memory.dmp

Filesize
112KB

Download
memory/2460-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2460-97-0x0000000005C80000-0x0000000005C9C000-memory.dmp

Filesize
112KB

Download
memory/2460-140-0x0000000005FC0000-0x0000000005FDC000-memory.dmp

Filesize
112KB

Download
memory/2460-61-0x0000000005470000-0x000000000548C000-memory.dmp

Filesize
112KB

Download
memory/2584-116-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2584-187-0x00000000045B0000-0x00000000045CC000-memory.dmp

Filesize
112KB

Download
memory/2676-96-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2676-131-0x0000000004B00000-0x0000000004B1C000-memory.dmp

Filesize
112KB

Download
memory/2692-91-0x0000000004CD0000-0x0000000004CEC000-memory.dmp

Filesize
112KB

Download
memory/2708-178-0x0000000004DD0000-0x0000000004DEC000-memory.dmp

Filesize
112KB

Download
memory/2880-88-0x0000000004DD0000-0x0000000004DEC000-memory.dmp

Filesize
112KB

Download
memory/2880-94-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2880-95-0x0000000004DD0000-0x0000000004DEC000-memory.dmp

Filesize
112KB

Download
memory/2880-117-0x0000000005060000-0x000000000507C000-memory.dmp

Filesize
112KB

Download
memory/2932-100-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2932-191-0x0000000001F20000-0x0000000001F3C000-memory.dmp

Filesize
112KB

Download
memory/2980-123-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/2980-151-0x0000000004AB0000-0x0000000004ACC000-memory.dmp

Filesize
112KB

Download
memory/2980-125-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/3040-126-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3208-135-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3208-129-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3228-132-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3248-139-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3248-133-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3304-136-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3304-141-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3316-145-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3348-147-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3376-148-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3452-150-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3732-160-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3840-165-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3840-155-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3852-166-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3852-156-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3872-157-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3872-168-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3892-172-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3892-161-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3916-164-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3916-173-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3928-179-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3948-170-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3948-175-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4040-174-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4040-177-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4388-186-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4460-188-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4460-192-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download