230b39170be18cae074fb99322937b85281ead7df870e14326a77c7386664eae

Analysis

max time kernel
17s
max time network
125s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22-08-2024 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71abcf5eebc9525cc15e3637604f75f0N.exe
Size

799KB
MD5

71abcf5eebc9525cc15e3637604f75f0
SHA1

8c84d2d0e73075205cc0a57712a902a10f94b1d6
SHA256

230b39170be18cae074fb99322937b85281ead7df870e14326a77c7386664eae
SHA512

41e97a24fa273da52b9eed095b5241149d00ff86c32b190058d07b7e158188769792e614eccc4b9ab683d461edd4ee4fd758c64f8b8deebe94695f1bc4f83d4f
SSDEEP

24576:CmpvPlgaEOIzA1jJac7EjZY9fB4coL8AQaTu6zmxpX:CIPlGO/EZYps6Gu6zmxd

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	71abcf5eebc9525cc15e3637604f75f0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\B:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\G:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\I:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\J:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\M:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\A:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\Q:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\S:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\U:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\Z:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\K:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\L:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\N:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\P:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\V:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\X:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\Y:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\E:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\H:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\O:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\R:	71abcf5eebc9525cc15e3637604f75f0N.exe
File opened (read-only)	\??\W:	71abcf5eebc9525cc15e3637604f75f0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\fetish full movie boobs .zip.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish gang bang lesbian [milf] fishy (Sarah).mpeg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\SysWOW64\IME\shared\american kicking fetish several models pregnant .zip.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\asian animal fucking big ash .zip.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\SysWOW64\IME\shared\german xxx hot (!) .avi.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\System32\DriverStore\Temp\tyrkish fucking hot (!) legs .avi.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\nude gang bang girls pregnant .mpeg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\sperm full movie 50+ .zip.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian handjob gang bang [bangbus] girly .rar.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\norwegian lesbian gang bang voyeur cock black hairunshaved .zip.exe	71abcf5eebc9525cc15e3637604f75f0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\canadian lingerie animal licking .mpeg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\gang bang [milf] stockings .avi.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\cumshot beastiality big cock shoes .mpg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\gay sleeping cock .mpg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\beast animal public gorgeoushorny (Kathrin).rar.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\lingerie voyeur .rar.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Program Files\Windows Journal\Templates\animal hot (!) latex .avi.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\malaysia beastiality fucking full movie swallow (Sarah,Sonja).mpeg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Program Files (x86)\Google\Temp\gay licking girly (Janette).mpg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\malaysia fucking lingerie lesbian swallow .zip.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\german bukkake horse hot (!) (Anniston,Sonja).mpeg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\african beastiality catfight .mpg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\trambling horse [bangbus] ash .avi.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\spanish animal public vagina ash .rar.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Program Files\DVD Maker\Shared\fucking masturbation 40+ .avi.exe	71abcf5eebc9525cc15e3637604f75f0N.exe

Drops file in Windows directory 32 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\trambling several models .mpg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\chinese gang bang gay several models vagina (Melissa).zip.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\african beast action voyeur legs girly .avi.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\SoftwareDistribution\Download\chinese horse xxx public gorgeoushorny .avi.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\mssrv.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\kicking trambling voyeur (Sonja,Gina).avi.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\xxx licking nipples ejaculation .mpeg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\PLA\Templates\black cum trambling uncut hole lady .rar.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\italian bukkake xxx catfight .zip.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\asian gay animal public sweet (Ashley,Ashley).mpg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\handjob [bangbus] vagina hairy .avi.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\african hardcore masturbation pregnant .mpg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\swedish gay animal voyeur cock .rar.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\assembly\temp\malaysia lesbian fetish big boots .rar.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\british fetish fucking full movie glans (Jenna).rar.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\canadian fucking horse voyeur .mpeg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\kicking gang bang voyeur titts .avi.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\blowjob fetish sleeping .zip.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\malaysia beastiality beast licking lady .mpg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\norwegian handjob horse [bangbus] vagina hotel .avi.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\action hidden nipples fishy (Jenna,Jade).avi.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\trambling handjob big feet .mpg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\brasilian handjob [bangbus] cock .zip.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\security\templates\bukkake cumshot catfight traffic .mpg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\asian gay lesbian sweet (Sylvia,Jade).rar.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\animal hidden girly .avi.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\canadian blowjob cum full movie .rar.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish beastiality [milf] (Janette).avi.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie action uncut (Tatjana,Christine).mpeg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\swedish fucking kicking girls high heels .mpg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\assembly\tmp\british beast lesbian (Liz,Liz).mpeg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe
File created	C:\Windows\Downloaded Program Files\tyrkish gang bang gang bang voyeur shoes .mpeg.exe	71abcf5eebc9525cc15e3637604f75f0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 39 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	71abcf5eebc9525cc15e3637604f75f0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2072	71abcf5eebc9525cc15e3637604f75f0N.exe
2148	71abcf5eebc9525cc15e3637604f75f0N.exe
2072	71abcf5eebc9525cc15e3637604f75f0N.exe
2820	71abcf5eebc9525cc15e3637604f75f0N.exe
2704	71abcf5eebc9525cc15e3637604f75f0N.exe
2148	71abcf5eebc9525cc15e3637604f75f0N.exe
2072	71abcf5eebc9525cc15e3637604f75f0N.exe
2896	71abcf5eebc9525cc15e3637604f75f0N.exe
1560	71abcf5eebc9525cc15e3637604f75f0N.exe
2840	71abcf5eebc9525cc15e3637604f75f0N.exe
2416	71abcf5eebc9525cc15e3637604f75f0N.exe
2820	71abcf5eebc9525cc15e3637604f75f0N.exe
2148	71abcf5eebc9525cc15e3637604f75f0N.exe
2704	71abcf5eebc9525cc15e3637604f75f0N.exe
2072	71abcf5eebc9525cc15e3637604f75f0N.exe
2868	71abcf5eebc9525cc15e3637604f75f0N.exe
2896	71abcf5eebc9525cc15e3637604f75f0N.exe
2920	71abcf5eebc9525cc15e3637604f75f0N.exe
2836	71abcf5eebc9525cc15e3637604f75f0N.exe
2704	71abcf5eebc9525cc15e3637604f75f0N.exe
2636	71abcf5eebc9525cc15e3637604f75f0N.exe
2148	71abcf5eebc9525cc15e3637604f75f0N.exe
3028	71abcf5eebc9525cc15e3637604f75f0N.exe
2600	71abcf5eebc9525cc15e3637604f75f0N.exe
2608	71abcf5eebc9525cc15e3637604f75f0N.exe
1560	71abcf5eebc9525cc15e3637604f75f0N.exe
2820	71abcf5eebc9525cc15e3637604f75f0N.exe
2072	71abcf5eebc9525cc15e3637604f75f0N.exe
2840	71abcf5eebc9525cc15e3637604f75f0N.exe
568	71abcf5eebc9525cc15e3637604f75f0N.exe
2416	71abcf5eebc9525cc15e3637604f75f0N.exe
2716	71abcf5eebc9525cc15e3637604f75f0N.exe
1956	71abcf5eebc9525cc15e3637604f75f0N.exe
2896	71abcf5eebc9525cc15e3637604f75f0N.exe
2960	71abcf5eebc9525cc15e3637604f75f0N.exe
2308	71abcf5eebc9525cc15e3637604f75f0N.exe
2704	71abcf5eebc9525cc15e3637604f75f0N.exe
2868	71abcf5eebc9525cc15e3637604f75f0N.exe
2920	71abcf5eebc9525cc15e3637604f75f0N.exe
2312	71abcf5eebc9525cc15e3637604f75f0N.exe
2148	71abcf5eebc9525cc15e3637604f75f0N.exe
976	71abcf5eebc9525cc15e3637604f75f0N.exe
1356	71abcf5eebc9525cc15e3637604f75f0N.exe
2036	71abcf5eebc9525cc15e3637604f75f0N.exe
1168	71abcf5eebc9525cc15e3637604f75f0N.exe
388	71abcf5eebc9525cc15e3637604f75f0N.exe
2180	71abcf5eebc9525cc15e3637604f75f0N.exe
2180	71abcf5eebc9525cc15e3637604f75f0N.exe
560	71abcf5eebc9525cc15e3637604f75f0N.exe
560	71abcf5eebc9525cc15e3637604f75f0N.exe
1560	71abcf5eebc9525cc15e3637604f75f0N.exe
1560	71abcf5eebc9525cc15e3637604f75f0N.exe
2840	71abcf5eebc9525cc15e3637604f75f0N.exe
2840	71abcf5eebc9525cc15e3637604f75f0N.exe
2072	71abcf5eebc9525cc15e3637604f75f0N.exe
2072	71abcf5eebc9525cc15e3637604f75f0N.exe
2820	71abcf5eebc9525cc15e3637604f75f0N.exe
2820	71abcf5eebc9525cc15e3637604f75f0N.exe
1768	71abcf5eebc9525cc15e3637604f75f0N.exe
1768	71abcf5eebc9525cc15e3637604f75f0N.exe
1004	71abcf5eebc9525cc15e3637604f75f0N.exe
1004	71abcf5eebc9525cc15e3637604f75f0N.exe
2000	71abcf5eebc9525cc15e3637604f75f0N.exe
2000	71abcf5eebc9525cc15e3637604f75f0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2148	2072	71abcf5eebc9525cc15e3637604f75f0N.exe	30
PID 2072 wrote to memory of 2148	2072	71abcf5eebc9525cc15e3637604f75f0N.exe	30
PID 2072 wrote to memory of 2148	2072	71abcf5eebc9525cc15e3637604f75f0N.exe	30
PID 2072 wrote to memory of 2148	2072	71abcf5eebc9525cc15e3637604f75f0N.exe	30
PID 2148 wrote to memory of 2820	2148	71abcf5eebc9525cc15e3637604f75f0N.exe	31
PID 2148 wrote to memory of 2820	2148	71abcf5eebc9525cc15e3637604f75f0N.exe	31
PID 2148 wrote to memory of 2820	2148	71abcf5eebc9525cc15e3637604f75f0N.exe	31
PID 2148 wrote to memory of 2820	2148	71abcf5eebc9525cc15e3637604f75f0N.exe	31
PID 2072 wrote to memory of 2704	2072	71abcf5eebc9525cc15e3637604f75f0N.exe	32
PID 2072 wrote to memory of 2704	2072	71abcf5eebc9525cc15e3637604f75f0N.exe	32
PID 2072 wrote to memory of 2704	2072	71abcf5eebc9525cc15e3637604f75f0N.exe	32
PID 2072 wrote to memory of 2704	2072	71abcf5eebc9525cc15e3637604f75f0N.exe	32
PID 2820 wrote to memory of 2896	2820	71abcf5eebc9525cc15e3637604f75f0N.exe	34
PID 2820 wrote to memory of 2896	2820	71abcf5eebc9525cc15e3637604f75f0N.exe	34
PID 2820 wrote to memory of 2896	2820	71abcf5eebc9525cc15e3637604f75f0N.exe	34
PID 2820 wrote to memory of 2896	2820	71abcf5eebc9525cc15e3637604f75f0N.exe	34
PID 2148 wrote to memory of 1560	2148	71abcf5eebc9525cc15e3637604f75f0N.exe	35
PID 2148 wrote to memory of 1560	2148	71abcf5eebc9525cc15e3637604f75f0N.exe	35
PID 2148 wrote to memory of 1560	2148	71abcf5eebc9525cc15e3637604f75f0N.exe	35
PID 2148 wrote to memory of 1560	2148	71abcf5eebc9525cc15e3637604f75f0N.exe	35
PID 2704 wrote to memory of 2840	2704	71abcf5eebc9525cc15e3637604f75f0N.exe	33
PID 2704 wrote to memory of 2840	2704	71abcf5eebc9525cc15e3637604f75f0N.exe	33
PID 2704 wrote to memory of 2840	2704	71abcf5eebc9525cc15e3637604f75f0N.exe	33
PID 2704 wrote to memory of 2840	2704	71abcf5eebc9525cc15e3637604f75f0N.exe	33
PID 2072 wrote to memory of 2416	2072	71abcf5eebc9525cc15e3637604f75f0N.exe	36
PID 2072 wrote to memory of 2416	2072	71abcf5eebc9525cc15e3637604f75f0N.exe	36
PID 2072 wrote to memory of 2416	2072	71abcf5eebc9525cc15e3637604f75f0N.exe	36
PID 2072 wrote to memory of 2416	2072	71abcf5eebc9525cc15e3637604f75f0N.exe	36
PID 2896 wrote to memory of 2868	2896	71abcf5eebc9525cc15e3637604f75f0N.exe	37
PID 2896 wrote to memory of 2868	2896	71abcf5eebc9525cc15e3637604f75f0N.exe	37
PID 2896 wrote to memory of 2868	2896	71abcf5eebc9525cc15e3637604f75f0N.exe	37
PID 2896 wrote to memory of 2868	2896	71abcf5eebc9525cc15e3637604f75f0N.exe	37
PID 2148 wrote to memory of 2836	2148	71abcf5eebc9525cc15e3637604f75f0N.exe	38
PID 2148 wrote to memory of 2836	2148	71abcf5eebc9525cc15e3637604f75f0N.exe	38
PID 2148 wrote to memory of 2836	2148	71abcf5eebc9525cc15e3637604f75f0N.exe	38
PID 2148 wrote to memory of 2836	2148	71abcf5eebc9525cc15e3637604f75f0N.exe	38
PID 1560 wrote to memory of 2920	1560	71abcf5eebc9525cc15e3637604f75f0N.exe	39
PID 1560 wrote to memory of 2920	1560	71abcf5eebc9525cc15e3637604f75f0N.exe	39
PID 1560 wrote to memory of 2920	1560	71abcf5eebc9525cc15e3637604f75f0N.exe	39
PID 1560 wrote to memory of 2920	1560	71abcf5eebc9525cc15e3637604f75f0N.exe	39
PID 2704 wrote to memory of 3028	2704	71abcf5eebc9525cc15e3637604f75f0N.exe	40
PID 2704 wrote to memory of 3028	2704	71abcf5eebc9525cc15e3637604f75f0N.exe	40
PID 2704 wrote to memory of 3028	2704	71abcf5eebc9525cc15e3637604f75f0N.exe	40
PID 2704 wrote to memory of 3028	2704	71abcf5eebc9525cc15e3637604f75f0N.exe	40
PID 2820 wrote to memory of 2636	2820	71abcf5eebc9525cc15e3637604f75f0N.exe	41
PID 2820 wrote to memory of 2636	2820	71abcf5eebc9525cc15e3637604f75f0N.exe	41
PID 2820 wrote to memory of 2636	2820	71abcf5eebc9525cc15e3637604f75f0N.exe	41
PID 2820 wrote to memory of 2636	2820	71abcf5eebc9525cc15e3637604f75f0N.exe	41
PID 2072 wrote to memory of 2600	2072	71abcf5eebc9525cc15e3637604f75f0N.exe	42
PID 2072 wrote to memory of 2600	2072	71abcf5eebc9525cc15e3637604f75f0N.exe	42
PID 2072 wrote to memory of 2600	2072	71abcf5eebc9525cc15e3637604f75f0N.exe	42
PID 2072 wrote to memory of 2600	2072	71abcf5eebc9525cc15e3637604f75f0N.exe	42
PID 2840 wrote to memory of 2608	2840	71abcf5eebc9525cc15e3637604f75f0N.exe	43
PID 2840 wrote to memory of 2608	2840	71abcf5eebc9525cc15e3637604f75f0N.exe	43
PID 2840 wrote to memory of 2608	2840	71abcf5eebc9525cc15e3637604f75f0N.exe	43
PID 2840 wrote to memory of 2608	2840	71abcf5eebc9525cc15e3637604f75f0N.exe	43
PID 2416 wrote to memory of 568	2416	71abcf5eebc9525cc15e3637604f75f0N.exe	44
PID 2416 wrote to memory of 568	2416	71abcf5eebc9525cc15e3637604f75f0N.exe	44
PID 2416 wrote to memory of 568	2416	71abcf5eebc9525cc15e3637604f75f0N.exe	44
PID 2416 wrote to memory of 568	2416	71abcf5eebc9525cc15e3637604f75f0N.exe	44
PID 2896 wrote to memory of 2716	2896	71abcf5eebc9525cc15e3637604f75f0N.exe	45
PID 2896 wrote to memory of 2716	2896	71abcf5eebc9525cc15e3637604f75f0N.exe	45
PID 2896 wrote to memory of 2716	2896	71abcf5eebc9525cc15e3637604f75f0N.exe	45
PID 2896 wrote to memory of 2716	2896	71abcf5eebc9525cc15e3637604f75f0N.exe	45

C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
"C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2148
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        9⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        9⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        9⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:13088
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:12740
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        9⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:11832
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:12300
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:13096
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:388
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:12488
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:13212
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:12724
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:11620
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:13248
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:14468
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:10464
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:12432
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:11216
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:9036
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:12440
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:12528
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:11224
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:12316
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:11692
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:11880
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:12292
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:10288
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:8988
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:12568
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:15016
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:9468
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:8604
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:12700
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:11160
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:14452
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:12624
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:10392
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:11928
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:9052
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:12448
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:9068
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:10296
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:6936
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:13256
- C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        8⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:11184
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:11896
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:10452
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:12708
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:9416
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:560
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:8644
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:12416
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:8636
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:14052
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:11628
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:12732
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:9396
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:9012
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:12480
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:688
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:12308
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:6756
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:10352
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:12408
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:10384
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:10256
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:6952
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:13228
- C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:568
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        7⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:8412
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:12676
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:11824
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:11664
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:14992
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:12716
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1768
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        6⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:8980
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:13388
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:6464
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:9476
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:11936
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:11912
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:8628
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:6124
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:11684
- C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:12504
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:10408
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:10248
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:7204
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:12788
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:8852
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:6108
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:12388
- C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1356
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
        5⤵
        
        PID:8924
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:10428
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:8460
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:13144
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:5924
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:8836
- C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
  2⤵
  PID:2672
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
      4⤵
      PID:8892
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:6488
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:11700
- C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
  2⤵
  PID:3820
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:6256
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:12748
- C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
  2⤵
  PID:5352
- - C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
    3⤵
    PID:10508
- C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\71abcf5eebc9525cc15e3637604f75f0N.exe"
  2⤵
  PID:9020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\malaysia beastiality fucking full movie swallow (Sarah,Sonja).mpeg.exe

Filesize
269KB

MD5
e399354cb2312063b01d03f5f326e232

SHA1
44770a6fde01e50ad3c005f2a260ff5edff1f31a

SHA256
409d6b5aee3def068a3d9e15e906c13c8c516697932f922ba7fd8115882f457e

SHA512
539b87767941fa9c7f8e2fe790afa424c1e6aa0a0f4feb921579e2f9c4239949cd53ec12daa159aa84d097fd50c4af23a5b5d7d45193584e629e8739c7f28e96

Download Submit