3e0da9b33cae9b4879bdb9fe3e7022584e6c11365783716d15a2ab902ecb678b

Analysis

max time kernel
18s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
22/08/2024, 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Size

576KB
MD5

a0c5342fabfc2bc5bfd72b5d3a05e2a0
SHA1

38cb9d06f57c721afe2eb720d6ffc1102aeababe
SHA256

3e0da9b33cae9b4879bdb9fe3e7022584e6c11365783716d15a2ab902ecb678b
SHA512

5ab95944e61d5c4e5433596b05c8b410abe3631ecf1bec9342af6d4e9fc417e5bf1528f08e5c6cf9df6d18d0bd15b853e54a20ed3061c48900570d0f96873c32
SSDEEP

12288:OWji9BI66gzoo6KgJVgu8CtKKwVhga9aLlsgjucl3jxOI:CugzV6brg1dKEdk5NRj

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\V:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\B:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\E:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\I:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\J:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\A:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\R:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\Y:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\X:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\Z:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\H:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\K:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\N:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\P:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\S:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\T:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\U:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\W:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\G:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\L:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\M:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File opened (read-only)	\??\O:	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\handjob [milf] redhair .mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\SysWOW64\IME\shared\cumshot big shower .rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\brasilian blowjob uncut (Sylvia).mpeg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\porn gang bang hot (!) .mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\american cumshot catfight hairy .mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\SysWOW64\IME\shared\american bukkake big .avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\nude fucking big gorgeoushorny .mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\System32\DriverStore\Temp\canadian gay porn [milf] .rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\fetish full movie bedroom (Sonja,Liz).zip.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\french fetish public upskirt .zip.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\Templates\japanese beastiality trambling licking (Sandy).zip.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\german nude masturbation shoes .rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\fucking horse hot (!) (Sarah).rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Program Files (x86)\Google\Temp\porn voyeur .rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\indian horse [free] mistress (Britney,Samantha).rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\bukkake beast several models boobs girly .zip.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\porn sleeping .avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\indian bukkake voyeur hole .rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\bukkake lesbian (Melissa,Karin).mpeg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\american lesbian several models beautyfull .avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\indian cumshot [bangbus] vagina ejaculation (Sarah,Sarah).avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Program Files\DVD Maker\Shared\british lesbian bukkake licking ejaculation .avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\spanish blowjob gay full movie hotel .avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\japanese nude porn full movie (Britney).zip.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\danish handjob gang bang masturbation .rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\american cumshot beastiality [free] hole sm .avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\norwegian fetish gay several models .mpeg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\british sperm hidden (Christine,Gina).rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\assembly\tmp\chinese gay gang bang [milf] balls (Curtney).avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\tyrkish horse bukkake [bangbus] latex .mpeg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\hardcore hidden (Gina,Melissa).rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\beast [bangbus] fishy .zip.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese porn sleeping pregnant .rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\xxx big redhair (Sylvia,Curtney).mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\danish blowjob fetish girls (Janette).mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\gang bang sperm licking glans beautyfull .mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\lingerie gay [bangbus] hole .mpeg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\russian nude public (Melissa).rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\african beast fucking [bangbus] titts penetration .rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\japanese lesbian [bangbus] bondage .zip.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\horse trambling lesbian vagina (Kathrin).rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\malaysia lingerie bukkake public circumcision .mpeg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\french blowjob trambling [milf] (Tatjana).avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\tyrkish handjob horse hot (!) gorgeoushorny (Karin).mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\gay beastiality full movie .rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\porn beast [milf] .rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\nude [bangbus] nipples sweet (Sandy).mpeg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\russian gay full movie fishy (Gina,Kathrin).mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\canadian action bukkake several models titts YEâPSè& .avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\Downloaded Program Files\american beast full movie vagina YEâPSè& (Curtney,Sandy).rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\porn lesbian gorgeoushorny .mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\brasilian lesbian horse hot (!) legs (Ashley).mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\action beast licking YEâPSè& .avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\cumshot [free] swallow .rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\horse kicking masturbation swallow (Samantha,Sandy).rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\action bukkake masturbation legs traffic .mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\beastiality lingerie sleeping balls .avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\malaysia fetish bukkake uncut ash fishy .mpeg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\american action girls gorgeoushorny .mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\canadian cumshot sleeping .avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\horse girls legs 50+ .mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\indian cum action catfight vagina gorgeoushorny .mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\chinese bukkake public 40+ .avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\security\templates\danish hardcore masturbation (Tatjana,Sarah).mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\malaysia hardcore masturbation vagina castration (Melissa).mpeg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\swedish horse hidden vagina hotel .zip.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\InstallTemp\british lesbian lingerie [milf] black hairunshaved .mpeg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\action fucking hidden .zip.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\fetish horse sleeping (Tatjana,Sylvia).zip.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\porn kicking sleeping boobs (Samantha,Janette).avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\japanese beast xxx licking femdom .mpeg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\tyrkish porn trambling voyeur feet gorgeoushorny .mpeg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\french xxx handjob several models glans granny (Jade,Janette).avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\PLA\Templates\chinese animal lesbian licking gorgeoushorny .mpeg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\spanish fucking hidden .mpeg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\russian handjob masturbation shoes .zip.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\italian gang bang hidden hole (Melissa).avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\brasilian cum big boobs .mpeg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\italian lingerie lesbian hidden boobs castration .rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\german horse beastiality licking .mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\horse licking glans (Liz).rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\animal sleeping feet shoes .zip.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\horse nude hot (!) .avi.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\nude horse uncut latex .rar.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\handjob bukkake lesbian femdom .zip.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\indian kicking cumshot catfight .mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\sperm several models fishy .mpeg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\russian bukkake gang bang sleeping ash sm .zip.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\kicking lesbian legs .mpg.exe	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5368	2168	WerFault.exe	29

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2804	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2916	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2116	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2804	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1316	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1664	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1604	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2916	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2256	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2116	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2804	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2016	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1188	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1316	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1660	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2264	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1976	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2916	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
620	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1664	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1728	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1604	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1140	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2256	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2116	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2804	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2908	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2376	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2016	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2240	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
600	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
956	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1188	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1316	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2860	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2396	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1660	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2264	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2264	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1772	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1772	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1304	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1304	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2916	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2916	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1032	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1032	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
620	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
620	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1664	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1664	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
348	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
348	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2880	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
2880	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1976	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1976	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1604	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
1604	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2804	2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	31
PID 2168 wrote to memory of 2804	2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	31
PID 2168 wrote to memory of 2804	2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	31
PID 2168 wrote to memory of 2804	2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	31
PID 2804 wrote to memory of 2916	2804	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	32
PID 2804 wrote to memory of 2916	2804	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	32
PID 2804 wrote to memory of 2916	2804	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	32
PID 2804 wrote to memory of 2916	2804	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	32
PID 2168 wrote to memory of 2116	2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	33
PID 2168 wrote to memory of 2116	2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	33
PID 2168 wrote to memory of 2116	2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	33
PID 2168 wrote to memory of 2116	2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	33
PID 2916 wrote to memory of 1316	2916	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	34
PID 2916 wrote to memory of 1316	2916	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	34
PID 2916 wrote to memory of 1316	2916	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	34
PID 2916 wrote to memory of 1316	2916	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	34
PID 2116 wrote to memory of 1664	2116	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	35
PID 2116 wrote to memory of 1664	2116	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	35
PID 2116 wrote to memory of 1664	2116	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	35
PID 2116 wrote to memory of 1664	2116	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	35
PID 2804 wrote to memory of 1604	2804	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	36
PID 2804 wrote to memory of 1604	2804	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	36
PID 2804 wrote to memory of 1604	2804	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	36
PID 2804 wrote to memory of 1604	2804	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	36
PID 2168 wrote to memory of 2256	2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	37
PID 2168 wrote to memory of 2256	2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	37
PID 2168 wrote to memory of 2256	2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	37
PID 2168 wrote to memory of 2256	2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	37
PID 1316 wrote to memory of 2016	1316	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	38
PID 1316 wrote to memory of 2016	1316	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	38
PID 1316 wrote to memory of 2016	1316	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	38
PID 1316 wrote to memory of 2016	1316	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	38
PID 2916 wrote to memory of 1188	2916	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	39
PID 2916 wrote to memory of 1188	2916	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	39
PID 2916 wrote to memory of 1188	2916	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	39
PID 2916 wrote to memory of 1188	2916	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	39
PID 1664 wrote to memory of 1660	1664	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	40
PID 1664 wrote to memory of 1660	1664	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	40
PID 1664 wrote to memory of 1660	1664	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	40
PID 1664 wrote to memory of 1660	1664	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	40
PID 1604 wrote to memory of 2264	1604	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	41
PID 1604 wrote to memory of 2264	1604	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	41
PID 1604 wrote to memory of 2264	1604	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	41
PID 1604 wrote to memory of 2264	1604	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	41
PID 2256 wrote to memory of 1976	2256	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	42
PID 2256 wrote to memory of 1976	2256	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	42
PID 2256 wrote to memory of 1976	2256	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	42
PID 2256 wrote to memory of 1976	2256	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	42
PID 2116 wrote to memory of 620	2116	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	43
PID 2116 wrote to memory of 620	2116	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	43
PID 2116 wrote to memory of 620	2116	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	43
PID 2116 wrote to memory of 620	2116	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	43
PID 2804 wrote to memory of 1728	2804	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	44
PID 2804 wrote to memory of 1728	2804	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	44
PID 2804 wrote to memory of 1728	2804	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	44
PID 2804 wrote to memory of 1728	2804	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	44
PID 2168 wrote to memory of 1140	2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	45
PID 2168 wrote to memory of 1140	2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	45
PID 2168 wrote to memory of 1140	2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	45
PID 2168 wrote to memory of 1140	2168	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	45
PID 2016 wrote to memory of 2908	2016	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	46
PID 2016 wrote to memory of 2908	2016	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	46
PID 2016 wrote to memory of 2908	2016	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	46
PID 2016 wrote to memory of 2908	2016	a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe	46

C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
"C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2804
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        10⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        10⤵
        
        PID:21376
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:22660
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:19444
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:22064
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:22572
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:18896
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:21436
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:19412
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:21292
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:25932
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:22016
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:21228
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:21140
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:19348
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:19252
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:21944
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:18156
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:21052
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:11576
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:19428
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:22120
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:22184
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:21696
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:21268
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22344
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:20952
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:19364
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:26020
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22008
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:20864
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22336
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:25212
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:20880
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22800
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:21212
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:19200
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:19340
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:19268
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:21476
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21616
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21100
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:21576
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:19380
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:21856
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:21024
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22072
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:21392
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:19276
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:19396
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22932
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:19452
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22732
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:21088
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:11836
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22784
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:21632
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22040
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21664
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21656
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:12436
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22096
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22048
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:24588
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:19480
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:19104
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:12728
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:24676
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:12452
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22376
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:21060
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:19488
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22368
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:19244
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21244
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:11876
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22320
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:840
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:10012
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:21284
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:19212
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:22128
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:22504
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22136
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:22540
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22080
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:20960
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:12792
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22460
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:22668
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:20872
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22312
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21584
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22176
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:19420
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:19372
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21452
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22192
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22232
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22948
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:19436
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22216
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:12300
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22548
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:20944
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:11592
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:19472
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:14144
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22000
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:9988
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:15504
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21108
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22328
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:23404
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:15412
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22612
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:21068
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:10236
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:15388
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:24420
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:21420
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22824
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:13072
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22848
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:21236
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:23792
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:20812
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:10204
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:15436
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21460
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22088
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22652
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:9892
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:20928
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:20912
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:21916
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:19112
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22620
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:10188
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:19220
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22636
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:13096
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:23744
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:9868
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:21904
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:21148
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:14104
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:22868
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:13344
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:22716
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:10196
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:19072
- C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:600
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        9⤵
        
        PID:22240
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:18904
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:20968
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:21132
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22160
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:22288
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:20936
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:15532
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:21704
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:23024
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22104
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:20976
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22360
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22596
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:25940
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22588
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:23752
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:19284
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21468
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21076
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22436
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:22428
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:19080
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:23032
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:18796
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:19464
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22248
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21384
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21220
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22808
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22512
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22520
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:9884
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:21972
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21276
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:23784
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22708
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:10220
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:15420
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:620
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:22564
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:19388
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:13112
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:23736
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21848
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22644
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:20416
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:12736
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22200
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:20904
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:21116
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:12688
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:23768
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:13064
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22860
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:20584
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22956
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:19228
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:22032
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:348
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:13636
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22580
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:20896
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:19064
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22940
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22604
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:21640
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:12372
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22444
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22724
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:10180
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:19236
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:21404
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:12364
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:22816
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:14152
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:22168
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:10280
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:19088
- C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2256
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        8⤵
        
        PID:20856
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22296
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22532
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:9428
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21560
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:12776
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:22700
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21648
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:11156
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22304
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21412
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:13988
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:21960
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:21260
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22112
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22832
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22024
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21156
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:13120
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:23776
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22144
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:21568
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22684
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:22152
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:19872
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:13080
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22876
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:23760
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:9512
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:15524
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21124
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22056
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22496
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:10004
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:20848
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:20920
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:22264
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:12808
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:22692
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:9492
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:20252
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:21836
- C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1140
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        7⤵
        
        PID:25948
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:19356
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:18640
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22556
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:21252
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:23412
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:12716
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22792
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:21204
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:15364
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:20888
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:11568
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:19260
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:8784
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:14096
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:22208
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:13708
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:22628
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:11172
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:22224
- C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
  2⤵
  PID:1280
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        6⤵
        
        PID:25956
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:14064
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22256
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:22452
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:11560
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:19096
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
        5⤵
        
        PID:21428
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:13696
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:22676
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:6552
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:14136
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:21928
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:10212
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:21672
- C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
  2⤵
  PID:3080
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:19404
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:6980
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:12864
  - - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
      "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
      4⤵
      PID:22964
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:11408
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:22352
- C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
  "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
  2⤵
  PID:4584
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:8352
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:13644
- - C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c5342fabfc2bc5bfd72b5d3a05e2a0N.exe"
    3⤵
    PID:22840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 720
  2⤵
  - Program crash
  PID:5368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\spanish blowjob gay full movie hotel .avi.exe

Filesize
751KB

MD5
81499870b69d8c7eda7b6fbbd27a4dc2

SHA1
99e423ef2d750ea36fc7cb0dcc8d43a677497829

SHA256
9129309a845ab110864676f3d88abbede71806e2296968a9528058fc45afc151

SHA512
4c38040af522ff467ca43e37655ddf8b13747043fd1d0ec86b6c37e5be3741daeddab7fd122169822ff84ba4c407c380b36ab078882d7bc8008860a41819ffa9

Download Submit