ec68def19c4646e96030d658ffafb28b3e48b947e8a67b266ad51b54109cb1a8

Analysis

max time kernel
18s
max time network
113s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/08/2024, 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9cc9594972921e2f55b915df875bbc30N.exe
Size

362KB
MD5

9cc9594972921e2f55b915df875bbc30
SHA1

1cb13e7a7a21d80105a8f8453c2d5dc1e1f1c2e7
SHA256

ec68def19c4646e96030d658ffafb28b3e48b947e8a67b266ad51b54109cb1a8
SHA512

1dbdb2c6ed8c36fa843674c783b41c1105ca2d8d1bdadc6b8cdfb645b35c70ce29b5e8e778cf5953d23601eabe9fe7f1e2a24cf5a69f05a6174880cc4ae9598a
SSDEEP

6144:oGHGRpO9p1om9+xs3NBB3i7T0KypIAS9atSHfeinci24n7DV:oGHasii9Bs/6TSatSHfeinLVn/V

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	9cc9594972921e2f55b915df875bbc30N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\M:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\Q:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\T:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\E:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\H:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\J:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\K:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\L:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\P:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\S:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\B:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\N:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\U:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\V:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\X:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\A:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\G:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\O:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\R:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\W:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\Y:	9cc9594972921e2f55b915df875bbc30N.exe
File opened (read-only)	\??\Z:	9cc9594972921e2f55b915df875bbc30N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\danish kicking xxx [free] cock .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SysWOW64\FxsTmp\african blowjob [milf] .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish beastiality xxx [free] .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SysWOW64\IME\shared\gay sleeping gorgeoushorny .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian gang bang sperm public black hairunshaved .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\System32\DriverStore\Temp\black action lesbian [bangbus] cock hairy .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SysWOW64\IME\shared\russian cum horse girls bondage .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\xxx full movie glans stockings (Karin).avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish nude gay girls .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SysWOW64\FxsTmp\beast public .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\swedish cum lingerie girls feet .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\black gang bang beast public blondie .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files (x86)\Google\Update\Download\horse full movie .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\brasilian nude gay voyeur (Sarah).rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\american cum fucking big .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\gay full movie glans hairy .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\black animal xxx uncut ìï .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian kicking trambling sleeping .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\japanese action lesbian lesbian hole upskirt .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files\Windows Journal\Templates\danish cumshot hardcore hidden hole fishy (Janette).rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\indian horse hardcore hot (!) young .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\lingerie uncut hotel (Anniston,Melissa).zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files\DVD Maker\Shared\danish kicking bukkake masturbation stockings .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files (x86)\Google\Temp\danish kicking horse licking ash .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\brasilian nude lesbian several models .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\african fucking big .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\SoftwareDistribution\Download\beast girls leather .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\horse public glans (Sonja,Samantha).mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\Downloaded Program Files\bukkake masturbation redhair (Christine,Samantha).zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lesbian [milf] .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\swedish action sperm [bangbus] feet mistress (Curtney).zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie licking titts tÛ .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\african lesbian licking .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\lingerie public latex .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\horse xxx [milf] ìï .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\bukkake full movie bondage .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\horse gay sleeping hole ejaculation (Melissa).mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\assembly\tmp\brasilian cumshot sperm big cock shower .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\fucking hidden hole high heels .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\horse lesbian (Samantha).mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\japanese kicking beast hidden feet balls .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian beastiality sperm big .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\lingerie sleeping (Samantha).zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\beast several models .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\action bukkake girls granny .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\canadian lesbian sleeping .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\malaysia xxx lesbian glans upskirt .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\animal trambling masturbation (Karin).mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\cumshot blowjob girls hole (Jenna,Curtney).zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\danish cumshot bukkake full movie blondie .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\malaysia lingerie girls latex .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\trambling girls femdom .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\gay hot (!) .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\action lesbian big .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\russian beastiality fucking full movie bondage .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\hardcore [milf] balls .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\trambling full movie titts .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\handjob xxx licking young .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\british trambling several models 50+ (Sandy,Jade).mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\american nude fucking [free] hole .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\sperm girls cock (Christine,Sylvia).zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\italian animal blowjob hidden .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\cumshot horse catfight titts .avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\horse sleeping .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\chinese bukkake full movie .rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\american action blowjob sleeping balls .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\gay hot (!) feet bondage (Sarah).rar.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\malaysia lesbian hot (!) cock .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\horse public ìï .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\french xxx several models .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\kicking fucking [free] sm (Ashley,Curtney).zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\handjob xxx big cock .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\italian fetish hardcore big balls .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\sperm [bangbus] ash .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\PLA\Templates\hardcore several models ìï (Gina,Tatjana).avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\indian porn bukkake hidden feet swallow (Samantha).mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\InstallTemp\tyrkish horse lingerie [free] girly .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\danish porn lingerie sleeping lady .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\animal horse catfight high heels .zip.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\american animal beast hidden feet .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian handjob horse masturbation glans 50+ (Sarah).mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\black gang bang trambling [free] cock .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\african horse catfight (Liz).mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\swedish porn hardcore [free] titts ash (Jade).mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\lesbian [free] castration .mpg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\african sperm hot (!) upskirt .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\black action fucking catfight wifey (Sonja,Curtney).avi.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\security\templates\horse gay public penetration .mpeg.exe	9cc9594972921e2f55b915df875bbc30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\swedish kicking xxx masturbation cock upskirt (Janette).avi.exe	9cc9594972921e2f55b915df875bbc30N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9cc9594972921e2f55b915df875bbc30N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2924	9cc9594972921e2f55b915df875bbc30N.exe
1444	9cc9594972921e2f55b915df875bbc30N.exe
2924	9cc9594972921e2f55b915df875bbc30N.exe
2164	9cc9594972921e2f55b915df875bbc30N.exe
316	9cc9594972921e2f55b915df875bbc30N.exe
1444	9cc9594972921e2f55b915df875bbc30N.exe
2924	9cc9594972921e2f55b915df875bbc30N.exe
1980	9cc9594972921e2f55b915df875bbc30N.exe
2164	9cc9594972921e2f55b915df875bbc30N.exe
1932	9cc9594972921e2f55b915df875bbc30N.exe
2884	9cc9594972921e2f55b915df875bbc30N.exe
1320	9cc9594972921e2f55b915df875bbc30N.exe
316	9cc9594972921e2f55b915df875bbc30N.exe
1444	9cc9594972921e2f55b915df875bbc30N.exe
2924	9cc9594972921e2f55b915df875bbc30N.exe
2856	9cc9594972921e2f55b915df875bbc30N.exe
2896	9cc9594972921e2f55b915df875bbc30N.exe
1980	9cc9594972921e2f55b915df875bbc30N.exe
2944	9cc9594972921e2f55b915df875bbc30N.exe
264	9cc9594972921e2f55b915df875bbc30N.exe
2388	9cc9594972921e2f55b915df875bbc30N.exe
2164	9cc9594972921e2f55b915df875bbc30N.exe
2276	9cc9594972921e2f55b915df875bbc30N.exe
2420	9cc9594972921e2f55b915df875bbc30N.exe
2884	9cc9594972921e2f55b915df875bbc30N.exe
1932	9cc9594972921e2f55b915df875bbc30N.exe
2248	9cc9594972921e2f55b915df875bbc30N.exe
316	9cc9594972921e2f55b915df875bbc30N.exe
1444	9cc9594972921e2f55b915df875bbc30N.exe
1320	9cc9594972921e2f55b915df875bbc30N.exe
2924	9cc9594972921e2f55b915df875bbc30N.exe
1784	9cc9594972921e2f55b915df875bbc30N.exe
324	9cc9594972921e2f55b915df875bbc30N.exe
2492	9cc9594972921e2f55b915df875bbc30N.exe
2856	9cc9594972921e2f55b915df875bbc30N.exe
2052	9cc9594972921e2f55b915df875bbc30N.exe
1604	9cc9594972921e2f55b915df875bbc30N.exe
1980	9cc9594972921e2f55b915df875bbc30N.exe
2896	9cc9594972921e2f55b915df875bbc30N.exe
2944	9cc9594972921e2f55b915df875bbc30N.exe
2388	9cc9594972921e2f55b915df875bbc30N.exe
952	9cc9594972921e2f55b915df875bbc30N.exe
952	9cc9594972921e2f55b915df875bbc30N.exe
2388	9cc9594972921e2f55b915df875bbc30N.exe
264	9cc9594972921e2f55b915df875bbc30N.exe
264	9cc9594972921e2f55b915df875bbc30N.exe
1796	9cc9594972921e2f55b915df875bbc30N.exe
1796	9cc9594972921e2f55b915df875bbc30N.exe
2164	9cc9594972921e2f55b915df875bbc30N.exe
2528	9cc9594972921e2f55b915df875bbc30N.exe
2164	9cc9594972921e2f55b915df875bbc30N.exe
2528	9cc9594972921e2f55b915df875bbc30N.exe
1444	9cc9594972921e2f55b915df875bbc30N.exe
1444	9cc9594972921e2f55b915df875bbc30N.exe
912	9cc9594972921e2f55b915df875bbc30N.exe
912	9cc9594972921e2f55b915df875bbc30N.exe
2436	9cc9594972921e2f55b915df875bbc30N.exe
2436	9cc9594972921e2f55b915df875bbc30N.exe
1788	9cc9594972921e2f55b915df875bbc30N.exe
1788	9cc9594972921e2f55b915df875bbc30N.exe
2276	9cc9594972921e2f55b915df875bbc30N.exe
2276	9cc9594972921e2f55b915df875bbc30N.exe
2884	9cc9594972921e2f55b915df875bbc30N.exe
2884	9cc9594972921e2f55b915df875bbc30N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 1444	2924	9cc9594972921e2f55b915df875bbc30N.exe	31
PID 2924 wrote to memory of 1444	2924	9cc9594972921e2f55b915df875bbc30N.exe	31
PID 2924 wrote to memory of 1444	2924	9cc9594972921e2f55b915df875bbc30N.exe	31
PID 2924 wrote to memory of 1444	2924	9cc9594972921e2f55b915df875bbc30N.exe	31
PID 1444 wrote to memory of 2164	1444	9cc9594972921e2f55b915df875bbc30N.exe	32
PID 1444 wrote to memory of 2164	1444	9cc9594972921e2f55b915df875bbc30N.exe	32
PID 1444 wrote to memory of 2164	1444	9cc9594972921e2f55b915df875bbc30N.exe	32
PID 1444 wrote to memory of 2164	1444	9cc9594972921e2f55b915df875bbc30N.exe	32
PID 2924 wrote to memory of 316	2924	9cc9594972921e2f55b915df875bbc30N.exe	33
PID 2924 wrote to memory of 316	2924	9cc9594972921e2f55b915df875bbc30N.exe	33
PID 2924 wrote to memory of 316	2924	9cc9594972921e2f55b915df875bbc30N.exe	33
PID 2924 wrote to memory of 316	2924	9cc9594972921e2f55b915df875bbc30N.exe	33
PID 2164 wrote to memory of 1980	2164	9cc9594972921e2f55b915df875bbc30N.exe	34
PID 2164 wrote to memory of 1980	2164	9cc9594972921e2f55b915df875bbc30N.exe	34
PID 2164 wrote to memory of 1980	2164	9cc9594972921e2f55b915df875bbc30N.exe	34
PID 2164 wrote to memory of 1980	2164	9cc9594972921e2f55b915df875bbc30N.exe	34
PID 316 wrote to memory of 1932	316	9cc9594972921e2f55b915df875bbc30N.exe	35
PID 316 wrote to memory of 1932	316	9cc9594972921e2f55b915df875bbc30N.exe	35
PID 316 wrote to memory of 1932	316	9cc9594972921e2f55b915df875bbc30N.exe	35
PID 316 wrote to memory of 1932	316	9cc9594972921e2f55b915df875bbc30N.exe	35
PID 1444 wrote to memory of 2884	1444	9cc9594972921e2f55b915df875bbc30N.exe	36
PID 1444 wrote to memory of 2884	1444	9cc9594972921e2f55b915df875bbc30N.exe	36
PID 1444 wrote to memory of 2884	1444	9cc9594972921e2f55b915df875bbc30N.exe	36
PID 1444 wrote to memory of 2884	1444	9cc9594972921e2f55b915df875bbc30N.exe	36
PID 2924 wrote to memory of 1320	2924	9cc9594972921e2f55b915df875bbc30N.exe	37
PID 2924 wrote to memory of 1320	2924	9cc9594972921e2f55b915df875bbc30N.exe	37
PID 2924 wrote to memory of 1320	2924	9cc9594972921e2f55b915df875bbc30N.exe	37
PID 2924 wrote to memory of 1320	2924	9cc9594972921e2f55b915df875bbc30N.exe	37
PID 1980 wrote to memory of 2856	1980	9cc9594972921e2f55b915df875bbc30N.exe	38
PID 1980 wrote to memory of 2856	1980	9cc9594972921e2f55b915df875bbc30N.exe	38
PID 1980 wrote to memory of 2856	1980	9cc9594972921e2f55b915df875bbc30N.exe	38
PID 1980 wrote to memory of 2856	1980	9cc9594972921e2f55b915df875bbc30N.exe	38
PID 2164 wrote to memory of 2896	2164	9cc9594972921e2f55b915df875bbc30N.exe	39
PID 2164 wrote to memory of 2896	2164	9cc9594972921e2f55b915df875bbc30N.exe	39
PID 2164 wrote to memory of 2896	2164	9cc9594972921e2f55b915df875bbc30N.exe	39
PID 2164 wrote to memory of 2896	2164	9cc9594972921e2f55b915df875bbc30N.exe	39
PID 1932 wrote to memory of 2944	1932	9cc9594972921e2f55b915df875bbc30N.exe	40
PID 1932 wrote to memory of 2944	1932	9cc9594972921e2f55b915df875bbc30N.exe	40
PID 1932 wrote to memory of 2944	1932	9cc9594972921e2f55b915df875bbc30N.exe	40
PID 1932 wrote to memory of 2944	1932	9cc9594972921e2f55b915df875bbc30N.exe	40
PID 2884 wrote to memory of 264	2884	9cc9594972921e2f55b915df875bbc30N.exe	41
PID 2884 wrote to memory of 264	2884	9cc9594972921e2f55b915df875bbc30N.exe	41
PID 2884 wrote to memory of 264	2884	9cc9594972921e2f55b915df875bbc30N.exe	41
PID 2884 wrote to memory of 264	2884	9cc9594972921e2f55b915df875bbc30N.exe	41
PID 1320 wrote to memory of 2276	1320	9cc9594972921e2f55b915df875bbc30N.exe	42
PID 1320 wrote to memory of 2276	1320	9cc9594972921e2f55b915df875bbc30N.exe	42
PID 1320 wrote to memory of 2276	1320	9cc9594972921e2f55b915df875bbc30N.exe	42
PID 1320 wrote to memory of 2276	1320	9cc9594972921e2f55b915df875bbc30N.exe	42
PID 316 wrote to memory of 2388	316	9cc9594972921e2f55b915df875bbc30N.exe	43
PID 316 wrote to memory of 2388	316	9cc9594972921e2f55b915df875bbc30N.exe	43
PID 316 wrote to memory of 2388	316	9cc9594972921e2f55b915df875bbc30N.exe	43
PID 316 wrote to memory of 2388	316	9cc9594972921e2f55b915df875bbc30N.exe	43
PID 1444 wrote to memory of 2420	1444	9cc9594972921e2f55b915df875bbc30N.exe	44
PID 1444 wrote to memory of 2420	1444	9cc9594972921e2f55b915df875bbc30N.exe	44
PID 1444 wrote to memory of 2420	1444	9cc9594972921e2f55b915df875bbc30N.exe	44
PID 1444 wrote to memory of 2420	1444	9cc9594972921e2f55b915df875bbc30N.exe	44
PID 2924 wrote to memory of 2248	2924	9cc9594972921e2f55b915df875bbc30N.exe	45
PID 2924 wrote to memory of 2248	2924	9cc9594972921e2f55b915df875bbc30N.exe	45
PID 2924 wrote to memory of 2248	2924	9cc9594972921e2f55b915df875bbc30N.exe	45
PID 2924 wrote to memory of 2248	2924	9cc9594972921e2f55b915df875bbc30N.exe	45
PID 2856 wrote to memory of 1784	2856	9cc9594972921e2f55b915df875bbc30N.exe	46
PID 2856 wrote to memory of 1784	2856	9cc9594972921e2f55b915df875bbc30N.exe	46
PID 2856 wrote to memory of 1784	2856	9cc9594972921e2f55b915df875bbc30N.exe	46
PID 2856 wrote to memory of 1784	2856	9cc9594972921e2f55b915df875bbc30N.exe	46

C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
"C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1444
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        10⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        10⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        10⤵
        
        PID:17052
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:17116
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        10⤵
        
        PID:18248
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:15172
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:17228
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:16708
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:16700
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:17720
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:14580
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:18076
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:13784
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16116
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17036
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:11908
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:18304
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:16164
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:17492
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:11804
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:18288
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:18164
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17436
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:11900
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:15888
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:21636
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:17324
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:14724
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:15892
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:18136
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:15068
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16652
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:18116
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14948
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:324
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        10⤵
        
        PID:17316
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:15344
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:18296
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16636
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:21616
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:18200
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17332
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:18256
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:15880
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16124
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14708
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:14548
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:15076
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:20676
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:18092
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14604
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:17164
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:18060
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16676
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16660
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:20908
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:18156
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14804
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17172
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:23480
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:21644
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14628
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:23492
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:20740
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17084
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:15800
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:264
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:15052
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:17012
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:24044
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:17656
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:17388
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16988
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:21652
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16684
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17212
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14884
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:21496
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:18240
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17100
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:15148
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:15944
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:10904
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:20876
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:20892
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17044
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14668
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16516
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17460
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17252
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14908
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16084
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10880
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17524
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17516
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:15856
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16492
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14652
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17412
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17532
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:8456
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:11372
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:16948
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17308
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:11876
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17732
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14876
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16460
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17500
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:18084
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16996
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16076
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10960
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:20884
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14836
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:11024
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:18012
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:8912
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:11268
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:18264
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17300
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:15840
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:18108
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:11788
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:15020
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:15920
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:10944
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:17420
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:18100
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:11260
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:20764
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:15936
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:10928
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:18028
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16156
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:11140
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:2072
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17800
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:11724
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:9060
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:14700
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:316
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        9⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:18000
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:21596
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:20716
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17020
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:15636
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:18208
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:15824
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17508
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:15272
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17092
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:11000
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:18036
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14988
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:21604
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:15136
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17548
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:20692
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16524
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:20756
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17204
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14916
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:15864
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:10476
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:16828
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:16932
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:21660
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17428
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16100
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:10492
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16784
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:11116
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:20748
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:15624
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:20668
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:9604
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14620
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14612
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14852
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10548
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16692
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17188
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:15012
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:948
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:23500
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16668
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17236
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14932
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16468
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14588
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:15912
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:18068
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:11716
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14960
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14844
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:11284
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:2520
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17028
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:12000
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:14524
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:10540
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:17260
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1320
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        8⤵
        
        PID:18188
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:16480
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:15832
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:11132
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:20724
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17276
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14796
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        7⤵
        
        PID:18044
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:14900
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14772
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17472
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17540
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:11824
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17788
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:11380
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:16956
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:16836
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17124
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:11780
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14564
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16000
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:21628
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:20900
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17768
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16452
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14516
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:23508
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:1564
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17108
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:13776
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:15928
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:10020
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:14868
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17284
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:11692
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:21668
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:17380
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:14212
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:15128
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16852
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:11892
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        6⤵
        
        PID:18124
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:15992
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:16504
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:11252
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:20652
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17244
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:11228
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:20772
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:14940
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:10036
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:14780
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1888
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17688
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17364
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:12036
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:20732
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:17060
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:15644
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:6680
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:16092
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:10976
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:17776
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3080
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
        5⤵
        
        PID:21488
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:15036
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:16172
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:11540
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:18280
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  PID:4264
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:7468
  - - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
      "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
      4⤵
      PID:17372
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:11700
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:18272
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  PID:6172
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:15872
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  PID:9620
- - C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
    3⤵
    PID:18180
- C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe
  "C:\Users\Admin\AppData\Local\Temp\9cc9594972921e2f55b915df875bbc30N.exe"
  2⤵
  PID:15296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\indian horse hardcore hot (!) young .mpeg.exe

Filesize
1.2MB

MD5
7ddb701121bb4e4b6c419d2f7c320ff9

SHA1
6b5f5ececd4d83ee20d4bd169b7a6a3717361875

SHA256
4a5581e7ff2d10777d196a782960e15a71b20519b0a7bff70b92a78ad8f132f9

SHA512
dcc7f01c4ef7a5ffbd0b7d0bc8f66ec5999a596f64889eb01c1896480e2feb59b83ae3f8bfee57dfdb15fc311b26e3d9769400bcaa23e266a9189fc8fc5f2a2e

Download Submit
C:\debug.txt

Filesize
183B

MD5
a653558d2c7f6a4658d3e78c4ab1d0e6

SHA1
a6b8c47fb2f1c7b960ae2b41bb3fecd8142dfd95

SHA256
6feb3f5f23bb355efac21611285e587172db59e5673c7ded0a730391871cbee9

SHA512
cdce85ae92beb4af1a13199fb5db9687748adae76470e98f5a7af0d773b4d432d7fad5da8e69dbc1aeb58ca3ae0b9445410c02537da046ecc4ff6d8edccfb749

Download Submit