f53b6ca53d80b8930b56f4291f97f9cbd7976a3a4592d205a73b9ddd09ce0a75

Analysis

max time kernel
30s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ba65977350fe214f6f53bfc7609dcd0N.exe
Size

1.2MB
MD5

8ba65977350fe214f6f53bfc7609dcd0
SHA1

f83ac139d2e730bd50b19a9e241a61f44d03819c
SHA256

f53b6ca53d80b8930b56f4291f97f9cbd7976a3a4592d205a73b9ddd09ce0a75
SHA512

2b508a1ffc66727914b6f38c128c80819cdd69421bd6d33c78d06ea76ff5011f14184edbba647dd9ae9de279f8560a8372991fefdcc43f3cf10d0fe7aae0196c
SSDEEP

24576:sWuT9SdYjPULkx+M7wbyh1gzqJOlGX8U4MQjJZnT+x3t:B6gwQAZ1fIk4Hgt

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	8ba65977350fe214f6f53bfc7609dcd0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\G:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\W:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\K:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\L:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\N:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\S:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\T:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\H:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\I:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\J:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\U:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\V:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\Y:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\Q:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\M:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\O:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\P:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\X:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\Z:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\B:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\E:	8ba65977350fe214f6f53bfc7609dcd0N.exe
File opened (read-only)	\??\R:	8ba65977350fe214f6f53bfc7609dcd0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\indian kicking fucking several models .zip.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\SysWOW64\IME\shared\american fetish xxx public .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\brasilian nude gay sleeping leather .avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\japanese horse blowjob [bangbus] (Karin).rar.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\horse full movie titts .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\SysWOW64\IME\shared\tyrkish beastiality lesbian full movie feet (Sonja,Jade).mpg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black cumshot horse lesbian Ôë .zip.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\trambling uncut black hairunshaved .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\canadian sperm full movie 40+ .avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian cum lesbian catfight titts shoes (Jade).rar.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\lesbian masturbation cock 50+ .avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\tyrkish nude hardcore full movie .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Program Files\DVD Maker\Shared\swedish cum fucking girls upskirt .avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian porn lesbian girls ìï .rar.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\american kicking blowjob several models .rar.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\danish action xxx girls titts (Sonja,Tatjana).rar.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\xxx licking glans bondage .zip.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\russian handjob xxx big castration .mpg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Program Files (x86)\Google\Temp\beast public penetration .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\trambling hot (!) feet sm .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\hardcore [free] pregnant .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\indian cum trambling uncut feet sweet .zip.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Program Files\Windows Journal\Templates\tyrkish nude blowjob catfight mature .zip.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\black cum bukkake masturbation mature .zip.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\hardcore big stockings .mpg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\bukkake [bangbus] (Karin).rar.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\chinese lesbian several models (Karin).avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\black action hardcore public redhair .avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\danish gang bang xxx public glans .rar.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian animal blowjob licking glans .mpg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\nude beast [milf] (Curtney).zip.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\french bukkake catfight cock .rar.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\brasilian kicking lingerie several models .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\indian kicking horse catfight cock .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\bukkake hidden glans swallow (Sarah).mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\xxx public cock (Christine,Jade).mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\german fucking voyeur (Sylvia).avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\british trambling [bangbus] fishy (Sonja,Curtney).mpg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\chinese trambling big bedroom .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\security\templates\swedish animal fucking several models penetration .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\russian horse trambling lesbian feet .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\asian blowjob masturbation fishy .zip.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\malaysia lingerie lesbian bedroom .avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\spanish gay girls glans fishy .zip.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\Temp\japanese porn trambling catfight feet .avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\nude horse masturbation titts lady .avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\PLA\Templates\danish cum lingerie hot (!) .rar.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\spanish blowjob sleeping traffic .avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\norwegian lingerie big bondage (Anniston,Karin).mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\tyrkish kicking xxx voyeur (Tatjana).mpg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\beast full movie balls .zip.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\tyrkish horse trambling several models girly .avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\african xxx hidden shower .rar.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\black action gay licking penetration .zip.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\tyrkish gang bang lesbian full movie hotel .avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\gay lesbian hole bondage (Samantha).mpg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian action lingerie voyeur girly .avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\indian gang bang bukkake several models glans circumcision .avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\gang bang lesbian hot (!) feet 50+ .avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\horse beast sleeping feet .rar.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\german horse masturbation hole redhair .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\swedish kicking blowjob licking (Jade).mpg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\japanese handjob bukkake [free] feet mature (Tatjana).mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\russian animal blowjob catfight young .mpg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\InstallTemp\fucking big .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\beastiality horse [bangbus] .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\black fetish horse lesbian (Karin).avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\trambling several models feet wifey (Tatjana).avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\swedish fetish xxx hidden .mpg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\german hardcore public hole .mpg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\gang bang fucking hot (!) .zip.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\cumshot beast several models 40+ .mpg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\gay big .zip.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\fetish blowjob full movie cock .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\american nude sperm several models titts bondage (Tatjana).rar.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\german lingerie [milf] hairy (Anniston,Melissa).mpg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\malaysia bukkake lesbian young (Gina,Curtney).mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\sperm girls feet swallow .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\hardcore hidden (Janette).mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\french lingerie lesbian latex .rar.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\sperm voyeur hole sweet (Sylvia).zip.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\german beast several models titts .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\spanish gay full movie swallow (Jenna,Tatjana).zip.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\african lesbian sleeping circumcision .rar.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\lesbian sleeping (Curtney).zip.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\indian porn trambling licking titts 50+ .mpg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\norwegian beast hidden balls .avi.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\beast [bangbus] (Sylvia).mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\horse blowjob masturbation .mpeg.exe	8ba65977350fe214f6f53bfc7609dcd0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4056	2104	WerFault.exe	29

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ba65977350fe214f6f53bfc7609dcd0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2104	8ba65977350fe214f6f53bfc7609dcd0N.exe
2776	8ba65977350fe214f6f53bfc7609dcd0N.exe
2104	8ba65977350fe214f6f53bfc7609dcd0N.exe
1956	8ba65977350fe214f6f53bfc7609dcd0N.exe
1912	8ba65977350fe214f6f53bfc7609dcd0N.exe
2776	8ba65977350fe214f6f53bfc7609dcd0N.exe
2104	8ba65977350fe214f6f53bfc7609dcd0N.exe
2884	8ba65977350fe214f6f53bfc7609dcd0N.exe
2752	8ba65977350fe214f6f53bfc7609dcd0N.exe
3012	8ba65977350fe214f6f53bfc7609dcd0N.exe
1956	8ba65977350fe214f6f53bfc7609dcd0N.exe
1912	8ba65977350fe214f6f53bfc7609dcd0N.exe
2956	8ba65977350fe214f6f53bfc7609dcd0N.exe
2776	8ba65977350fe214f6f53bfc7609dcd0N.exe
2104	8ba65977350fe214f6f53bfc7609dcd0N.exe
2420	8ba65977350fe214f6f53bfc7609dcd0N.exe
1508	8ba65977350fe214f6f53bfc7609dcd0N.exe
2752	8ba65977350fe214f6f53bfc7609dcd0N.exe
1620	8ba65977350fe214f6f53bfc7609dcd0N.exe
1956	8ba65977350fe214f6f53bfc7609dcd0N.exe
2884	8ba65977350fe214f6f53bfc7609dcd0N.exe
1188	8ba65977350fe214f6f53bfc7609dcd0N.exe
1636	8ba65977350fe214f6f53bfc7609dcd0N.exe
2148	8ba65977350fe214f6f53bfc7609dcd0N.exe
2760	8ba65977350fe214f6f53bfc7609dcd0N.exe
1912	8ba65977350fe214f6f53bfc7609dcd0N.exe
2776	8ba65977350fe214f6f53bfc7609dcd0N.exe
3012	8ba65977350fe214f6f53bfc7609dcd0N.exe
2956	8ba65977350fe214f6f53bfc7609dcd0N.exe
2104	8ba65977350fe214f6f53bfc7609dcd0N.exe
2144	8ba65977350fe214f6f53bfc7609dcd0N.exe
2364	8ba65977350fe214f6f53bfc7609dcd0N.exe
2360	8ba65977350fe214f6f53bfc7609dcd0N.exe
1056	8ba65977350fe214f6f53bfc7609dcd0N.exe
2972	8ba65977350fe214f6f53bfc7609dcd0N.exe
2388	8ba65977350fe214f6f53bfc7609dcd0N.exe
1524	8ba65977350fe214f6f53bfc7609dcd0N.exe
1508	8ba65977350fe214f6f53bfc7609dcd0N.exe
2420	8ba65977350fe214f6f53bfc7609dcd0N.exe
1620	8ba65977350fe214f6f53bfc7609dcd0N.exe
2752	8ba65977350fe214f6f53bfc7609dcd0N.exe
1956	8ba65977350fe214f6f53bfc7609dcd0N.exe
2884	8ba65977350fe214f6f53bfc7609dcd0N.exe
3068	8ba65977350fe214f6f53bfc7609dcd0N.exe
1720	8ba65977350fe214f6f53bfc7609dcd0N.exe
1720	8ba65977350fe214f6f53bfc7609dcd0N.exe
2072	8ba65977350fe214f6f53bfc7609dcd0N.exe
2072	8ba65977350fe214f6f53bfc7609dcd0N.exe
1296	8ba65977350fe214f6f53bfc7609dcd0N.exe
1296	8ba65977350fe214f6f53bfc7609dcd0N.exe
1912	8ba65977350fe214f6f53bfc7609dcd0N.exe
1912	8ba65977350fe214f6f53bfc7609dcd0N.exe
2148	8ba65977350fe214f6f53bfc7609dcd0N.exe
2148	8ba65977350fe214f6f53bfc7609dcd0N.exe
2760	8ba65977350fe214f6f53bfc7609dcd0N.exe
2760	8ba65977350fe214f6f53bfc7609dcd0N.exe
3056	8ba65977350fe214f6f53bfc7609dcd0N.exe
3056	8ba65977350fe214f6f53bfc7609dcd0N.exe
3012	8ba65977350fe214f6f53bfc7609dcd0N.exe
2776	8ba65977350fe214f6f53bfc7609dcd0N.exe
2776	8ba65977350fe214f6f53bfc7609dcd0N.exe
3012	8ba65977350fe214f6f53bfc7609dcd0N.exe
2416	8ba65977350fe214f6f53bfc7609dcd0N.exe
2416	8ba65977350fe214f6f53bfc7609dcd0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2776	2104	8ba65977350fe214f6f53bfc7609dcd0N.exe	30
PID 2104 wrote to memory of 2776	2104	8ba65977350fe214f6f53bfc7609dcd0N.exe	30
PID 2104 wrote to memory of 2776	2104	8ba65977350fe214f6f53bfc7609dcd0N.exe	30
PID 2104 wrote to memory of 2776	2104	8ba65977350fe214f6f53bfc7609dcd0N.exe	30
PID 2776 wrote to memory of 1956	2776	8ba65977350fe214f6f53bfc7609dcd0N.exe	31
PID 2776 wrote to memory of 1956	2776	8ba65977350fe214f6f53bfc7609dcd0N.exe	31
PID 2776 wrote to memory of 1956	2776	8ba65977350fe214f6f53bfc7609dcd0N.exe	31
PID 2776 wrote to memory of 1956	2776	8ba65977350fe214f6f53bfc7609dcd0N.exe	31
PID 2104 wrote to memory of 1912	2104	8ba65977350fe214f6f53bfc7609dcd0N.exe	32
PID 2104 wrote to memory of 1912	2104	8ba65977350fe214f6f53bfc7609dcd0N.exe	32
PID 2104 wrote to memory of 1912	2104	8ba65977350fe214f6f53bfc7609dcd0N.exe	32
PID 2104 wrote to memory of 1912	2104	8ba65977350fe214f6f53bfc7609dcd0N.exe	32
PID 1956 wrote to memory of 2752	1956	8ba65977350fe214f6f53bfc7609dcd0N.exe	33
PID 1956 wrote to memory of 2752	1956	8ba65977350fe214f6f53bfc7609dcd0N.exe	33
PID 1956 wrote to memory of 2752	1956	8ba65977350fe214f6f53bfc7609dcd0N.exe	33
PID 1956 wrote to memory of 2752	1956	8ba65977350fe214f6f53bfc7609dcd0N.exe	33
PID 1912 wrote to memory of 2884	1912	8ba65977350fe214f6f53bfc7609dcd0N.exe	34
PID 1912 wrote to memory of 2884	1912	8ba65977350fe214f6f53bfc7609dcd0N.exe	34
PID 1912 wrote to memory of 2884	1912	8ba65977350fe214f6f53bfc7609dcd0N.exe	34
PID 1912 wrote to memory of 2884	1912	8ba65977350fe214f6f53bfc7609dcd0N.exe	34
PID 2776 wrote to memory of 3012	2776	8ba65977350fe214f6f53bfc7609dcd0N.exe	35
PID 2776 wrote to memory of 3012	2776	8ba65977350fe214f6f53bfc7609dcd0N.exe	35
PID 2776 wrote to memory of 3012	2776	8ba65977350fe214f6f53bfc7609dcd0N.exe	35
PID 2776 wrote to memory of 3012	2776	8ba65977350fe214f6f53bfc7609dcd0N.exe	35
PID 2104 wrote to memory of 2956	2104	8ba65977350fe214f6f53bfc7609dcd0N.exe	36
PID 2104 wrote to memory of 2956	2104	8ba65977350fe214f6f53bfc7609dcd0N.exe	36
PID 2104 wrote to memory of 2956	2104	8ba65977350fe214f6f53bfc7609dcd0N.exe	36
PID 2104 wrote to memory of 2956	2104	8ba65977350fe214f6f53bfc7609dcd0N.exe	36
PID 2752 wrote to memory of 2420	2752	8ba65977350fe214f6f53bfc7609dcd0N.exe	37
PID 2752 wrote to memory of 2420	2752	8ba65977350fe214f6f53bfc7609dcd0N.exe	37
PID 2752 wrote to memory of 2420	2752	8ba65977350fe214f6f53bfc7609dcd0N.exe	37
PID 2752 wrote to memory of 2420	2752	8ba65977350fe214f6f53bfc7609dcd0N.exe	37
PID 2884 wrote to memory of 1620	2884	8ba65977350fe214f6f53bfc7609dcd0N.exe	38
PID 2884 wrote to memory of 1620	2884	8ba65977350fe214f6f53bfc7609dcd0N.exe	38
PID 2884 wrote to memory of 1620	2884	8ba65977350fe214f6f53bfc7609dcd0N.exe	38
PID 2884 wrote to memory of 1620	2884	8ba65977350fe214f6f53bfc7609dcd0N.exe	38
PID 1956 wrote to memory of 1508	1956	8ba65977350fe214f6f53bfc7609dcd0N.exe	39
PID 1956 wrote to memory of 1508	1956	8ba65977350fe214f6f53bfc7609dcd0N.exe	39
PID 1956 wrote to memory of 1508	1956	8ba65977350fe214f6f53bfc7609dcd0N.exe	39
PID 1956 wrote to memory of 1508	1956	8ba65977350fe214f6f53bfc7609dcd0N.exe	39
PID 1912 wrote to memory of 2148	1912	8ba65977350fe214f6f53bfc7609dcd0N.exe	41
PID 1912 wrote to memory of 2148	1912	8ba65977350fe214f6f53bfc7609dcd0N.exe	41
PID 1912 wrote to memory of 2148	1912	8ba65977350fe214f6f53bfc7609dcd0N.exe	41
PID 1912 wrote to memory of 2148	1912	8ba65977350fe214f6f53bfc7609dcd0N.exe	41
PID 3012 wrote to memory of 1188	3012	8ba65977350fe214f6f53bfc7609dcd0N.exe	40
PID 3012 wrote to memory of 1188	3012	8ba65977350fe214f6f53bfc7609dcd0N.exe	40
PID 3012 wrote to memory of 1188	3012	8ba65977350fe214f6f53bfc7609dcd0N.exe	40
PID 3012 wrote to memory of 1188	3012	8ba65977350fe214f6f53bfc7609dcd0N.exe	40
PID 2776 wrote to memory of 1636	2776	8ba65977350fe214f6f53bfc7609dcd0N.exe	42
PID 2776 wrote to memory of 1636	2776	8ba65977350fe214f6f53bfc7609dcd0N.exe	42
PID 2776 wrote to memory of 1636	2776	8ba65977350fe214f6f53bfc7609dcd0N.exe	42
PID 2776 wrote to memory of 1636	2776	8ba65977350fe214f6f53bfc7609dcd0N.exe	42
PID 2956 wrote to memory of 2760	2956	8ba65977350fe214f6f53bfc7609dcd0N.exe	43
PID 2956 wrote to memory of 2760	2956	8ba65977350fe214f6f53bfc7609dcd0N.exe	43
PID 2956 wrote to memory of 2760	2956	8ba65977350fe214f6f53bfc7609dcd0N.exe	43
PID 2956 wrote to memory of 2760	2956	8ba65977350fe214f6f53bfc7609dcd0N.exe	43
PID 2104 wrote to memory of 2144	2104	8ba65977350fe214f6f53bfc7609dcd0N.exe	44
PID 2104 wrote to memory of 2144	2104	8ba65977350fe214f6f53bfc7609dcd0N.exe	44
PID 2104 wrote to memory of 2144	2104	8ba65977350fe214f6f53bfc7609dcd0N.exe	44
PID 2104 wrote to memory of 2144	2104	8ba65977350fe214f6f53bfc7609dcd0N.exe	44
PID 1508 wrote to memory of 2364	1508	8ba65977350fe214f6f53bfc7609dcd0N.exe	45
PID 1508 wrote to memory of 2364	1508	8ba65977350fe214f6f53bfc7609dcd0N.exe	45
PID 1508 wrote to memory of 2364	1508	8ba65977350fe214f6f53bfc7609dcd0N.exe	45
PID 1508 wrote to memory of 2364	1508	8ba65977350fe214f6f53bfc7609dcd0N.exe	45

C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
"C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
  "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        9⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        10⤵
        
        PID:17952
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        9⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        9⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        9⤵
        
        PID:19532
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        9⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        9⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:14948
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:19208
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:18716
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:18044
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:17176
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:20856
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:17992
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:17828
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:16452
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:21408
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:21196
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:17896
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:16488
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:10780
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:19628
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:12488
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:17976
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:19512
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:17116
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:19096
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:20508
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:20340
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:17776
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:17928
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:17936
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:17100
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:20844
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:17008
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:18616
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:20184
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:19104
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:20128
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:17904
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:19464
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:12048
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:14244
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:19584
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:20192
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:9684
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:18852
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:21212
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:7856
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:11996
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:2552
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:14972
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:21100
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:11708
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:14888
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:21124
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:19220
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:14872
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:18608
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:16308
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:17960
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:9092
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:18032
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:19136
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:12180
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:18572
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:21224
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:12160
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:21084
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:10664
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:19524
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:12512
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:19396
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:20880
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:18600
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:19612
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:15024
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:21156
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:12040
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:19112
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:17200
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:10492
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:18056
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:18064
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:7024
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:11596
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:7560
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:12480
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:19504
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:10756
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:17968
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:10472
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:14844
- C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
  "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1912
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        8⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:18100
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:18124
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:20200
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:8552
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:17164
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:14916
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:17048
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:19604
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:21584
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:12024
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:21172
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:18072
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:14900
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:17872
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:12540
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:19472
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:11836
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:12096
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:12168
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:21148
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:18456
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:19652
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:18092
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:12136
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:11588
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:19088
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:11692
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:6204
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:8544
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:18464
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:21188
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:18528
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:12032
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:17916
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:14880
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:10516
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:18004
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:7000
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:11660
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:6996
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:21232
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:9108
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:12056
- C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
  "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2956
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:18224
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        7⤵
        
        PID:17152
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:17136
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:21180
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:15004
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:21108
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:11556
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:20496
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:8528
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:18108
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:9376
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:19284
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:19636
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:17208
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:6800
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:18080
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:18024
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:11572
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:19128
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:10716
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:21164
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:4588
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:8324
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:15016
- C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
  "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:9692
      - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        6⤵
        
        PID:16460
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:11964
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:20836
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:14984
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:11620
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:14992
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:11644
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:21076
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:10688
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:6780
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:21596
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:8332
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:14856
- C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
  "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
        5⤵
        
        PID:21204
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:7252
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:11700
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:20376
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:12528
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:20348
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:6856
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:10700
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:8240
- C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
  "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
  2⤵
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:9076
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:12080
  - - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
      "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
      4⤵
      PID:19120
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:7040
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:11548
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:18676
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 608
  2⤵
  - Program crash
  PID:4056
- C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
  "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4048
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:6736
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:11564
- - C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba65977350fe214f6f53bfc7609dcd0N.exe"
    3⤵
    PID:21116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\american kicking blowjob several models .rar.exe

Filesize
1.3MB

MD5
6b253fbd470ed78055e0cbed159889e3

SHA1
69551d45e5421404225ee9682aa021df302212df

SHA256
ab64dcc18cee5fe23d1bd15ab1901418a53e9b936b7d1dbc279b4548db25a1fb

SHA512
dd6acc0592f4754e3116654cd58e1a55f797d957eca54d25556d7eb9b1cb58f4766c640606490ee5b5c4b4b44a7e7c94ffa28958a62be300852e105d2d707642

Download Submit
C:\debug.txt

Filesize
183B

MD5
7345855f525d9d558963c524ad8ba912

SHA1
8b8510a764c8909fce429afbbe49a66875b0ccb2

SHA256
542d0efd1d24cbabba9bb9c73deec875102a7d2b0021fb9395e5340c2b867e89

SHA512
14bfa46ed775e6fcd885ccb131dfe5b076e045e86d71af50ec3d787dc8237d7698592a8aee1c60d1174b5b03d9ed5dd42df0ae503947ea047845f417d583a9e9

Download Submit