dfc3051aedc57542fc4330141760e6cbb585b70693b8ea50242a1ec4d8e1f3df

Analysis

max time kernel
27s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c410248ba1919f72cc01699aef0ea830N.exe
Size

1.0MB
MD5

c410248ba1919f72cc01699aef0ea830
SHA1

9295abbd7ed1c85e0c75021d7d37e952f7978229
SHA256

dfc3051aedc57542fc4330141760e6cbb585b70693b8ea50242a1ec4d8e1f3df
SHA512

ebd54a1e3f04939840045fcac2185b17bbb46968e9fbd2565c05df8c8c4773644daa9b6180815cb2d0811ecf2ba8716f555d5e30fbe653e0a5b29d9fdc5f4f24
SSDEEP

24576:C9r7ebijuy/TWVSvxDmZJjmO8tUUIk4Kui++Gk0V:C97VjxmSpSZJjmOmUZe++7w

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	c410248ba1919f72cc01699aef0ea830N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\Q:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\U:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\V:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\W:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\J:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\M:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\R:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\S:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\T:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\Z:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\G:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\H:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\I:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\P:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\X:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\E:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\B:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\K:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\N:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\O:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\Y:	c410248ba1919f72cc01699aef0ea830N.exe
File opened (read-only)	\??\A:	c410248ba1919f72cc01699aef0ea830N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\american animal lingerie hot (!) .rar.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob public ash .rar.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\swedish fetish beast full movie (Jade).mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\SysWOW64\FxsTmp\danish porn blowjob lesbian .mpg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\System32\DriverStore\Temp\trambling masturbation beautyfull .mpg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\SysWOW64\FxsTmp\trambling [milf] titts .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\SysWOW64\IME\shared\blowjob masturbation titts sweet .mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian beastiality blowjob masturbation shoes .avi.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse catfight hole .rar.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\SysWOW64\IME\shared\italian gang bang bukkake lesbian .avi.exe	c410248ba1919f72cc01699aef0ea830N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\swedish handjob gay licking feet 50+ (Jade).mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\indian kicking sperm catfight granny .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Program Files\DVD Maker\Shared\horse hidden (Jade).zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Program Files\Windows Journal\Templates\xxx [milf] high heels .mpg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\fucking lesbian 40+ .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\japanese animal beast [bangbus] granny .avi.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\danish fetish fucking lesbian titts stockings (Liz).mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Program Files (x86)\Google\Update\Download\black nude bukkake sleeping cock .rar.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\lingerie [bangbus] (Melissa).mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\xxx lesbian .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\gay licking (Sylvia).rar.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\trambling [bangbus] glans high heels .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\swedish animal lesbian sleeping (Curtney).mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\brasilian beastiality hardcore big feet young .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\indian handjob hardcore girls .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Downloaded Program Files\indian cum sperm sleeping titts gorgeoushorny (Janette).mpg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\horse public fishy .mpg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\beast full movie feet .mpg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\beast full movie feet leather .rar.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\lesbian voyeur (Liz).mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\american horse bukkake big glans (Sonja,Sylvia).rar.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\fucking voyeur mistress .mpg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\american handjob trambling masturbation (Karin).mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\fucking several models .avi.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\indian nude trambling [milf] .avi.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\malaysia lesbian catfight cock .mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\african trambling voyeur 50+ .mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\animal xxx several models hole .avi.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\xxx several models wifey .avi.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\gang bang bukkake hot (!) hotel .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\lesbian hot (!) balls .rar.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\russian action hardcore catfight (Jade).rar.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\beastiality fucking girls cock .avi.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\chinese gay licking (Sylvia).mpg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\swedish porn gay voyeur (Karin).zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\sperm several models feet .mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\danish nude sperm masturbation granny (Sonja,Liz).mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\japanese porn gay catfight gorgeoushorny .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\danish gang bang bukkake lesbian YEâPSè& .mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\horse bukkake voyeur 50+ .avi.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\handjob horse uncut titts circumcision .rar.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\fucking licking blondie .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\beast lesbian bedroom .mpg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\spanish horse uncut cock femdom .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\nude gay masturbation mature .mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\russian fetish fucking sleeping feet .mpg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\french trambling lesbian cock (Kathrin,Samantha).mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\american action lesbian hot (!) cock black hairunshaved .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\action bukkake voyeur hole .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\lesbian girls hole latex .mpg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\kicking lesbian [free] ejaculation .avi.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\chinese xxx masturbation fishy .mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\swedish porn bukkake licking redhair .avi.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\tyrkish fetish trambling hidden cock gorgeoushorny .mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\fucking [free] black hairunshaved .rar.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\indian porn fucking licking balls .mpg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\tyrkish animal blowjob uncut pregnant .mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\lesbian masturbation cock .avi.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\black animal blowjob [free] pregnant (Sonja,Tatjana).mpg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\InstallTemp\malaysia gay voyeur (Sarah).avi.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\assembly\tmp\brasilian cum fucking masturbation titts hotel .mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\PLA\Templates\russian kicking blowjob [milf] 40+ .mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\tyrkish cumshot bukkake sleeping titts .rar.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\beast uncut YEâPSè& .rar.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\malaysia horse public titts castration (Karin).rar.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\black animal xxx voyeur circumcision .avi.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\security\templates\japanese porn xxx voyeur glans .mpg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\italian cum blowjob licking .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\canadian lesbian uncut 50+ .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\chinese fucking hidden circumcision .avi.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\malaysia beast public hole .rar.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\beast [free] cock .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\american beastiality lingerie hidden titts boots .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\chinese trambling big .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\sperm voyeur .mpeg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\canadian gay full movie hole .avi.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\asian sperm big hole .mpg.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\bukkake voyeur upskirt .zip.exe	c410248ba1919f72cc01699aef0ea830N.exe
File created	C:\Windows\mssrv.exe	c410248ba1919f72cc01699aef0ea830N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
7012	2168	WerFault.exe	29

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c410248ba1919f72cc01699aef0ea830N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2168	c410248ba1919f72cc01699aef0ea830N.exe
2520	c410248ba1919f72cc01699aef0ea830N.exe
2168	c410248ba1919f72cc01699aef0ea830N.exe
2968	c410248ba1919f72cc01699aef0ea830N.exe
2936	c410248ba1919f72cc01699aef0ea830N.exe
2520	c410248ba1919f72cc01699aef0ea830N.exe
2168	c410248ba1919f72cc01699aef0ea830N.exe
1060	c410248ba1919f72cc01699aef0ea830N.exe
1604	c410248ba1919f72cc01699aef0ea830N.exe
2316	c410248ba1919f72cc01699aef0ea830N.exe
2968	c410248ba1919f72cc01699aef0ea830N.exe
2324	c410248ba1919f72cc01699aef0ea830N.exe
2936	c410248ba1919f72cc01699aef0ea830N.exe
2520	c410248ba1919f72cc01699aef0ea830N.exe
2168	c410248ba1919f72cc01699aef0ea830N.exe
2288	c410248ba1919f72cc01699aef0ea830N.exe
1060	c410248ba1919f72cc01699aef0ea830N.exe
1452	c410248ba1919f72cc01699aef0ea830N.exe
1964	c410248ba1919f72cc01699aef0ea830N.exe
1932	c410248ba1919f72cc01699aef0ea830N.exe
620	c410248ba1919f72cc01699aef0ea830N.exe
1736	c410248ba1919f72cc01699aef0ea830N.exe
1604	c410248ba1919f72cc01699aef0ea830N.exe
2968	c410248ba1919f72cc01699aef0ea830N.exe
2316	c410248ba1919f72cc01699aef0ea830N.exe
1356	c410248ba1919f72cc01699aef0ea830N.exe
828	c410248ba1919f72cc01699aef0ea830N.exe
2520	c410248ba1919f72cc01699aef0ea830N.exe
2936	c410248ba1919f72cc01699aef0ea830N.exe
2324	c410248ba1919f72cc01699aef0ea830N.exe
2168	c410248ba1919f72cc01699aef0ea830N.exe
2812	c410248ba1919f72cc01699aef0ea830N.exe
528	c410248ba1919f72cc01699aef0ea830N.exe
600	c410248ba1919f72cc01699aef0ea830N.exe
1600	c410248ba1919f72cc01699aef0ea830N.exe
2288	c410248ba1919f72cc01699aef0ea830N.exe
1404	c410248ba1919f72cc01699aef0ea830N.exe
1060	c410248ba1919f72cc01699aef0ea830N.exe
1272	c410248ba1919f72cc01699aef0ea830N.exe
2860	c410248ba1919f72cc01699aef0ea830N.exe
1964	c410248ba1919f72cc01699aef0ea830N.exe
1932	c410248ba1919f72cc01699aef0ea830N.exe
1932	c410248ba1919f72cc01699aef0ea830N.exe
1604	c410248ba1919f72cc01699aef0ea830N.exe
1604	c410248ba1919f72cc01699aef0ea830N.exe
1452	c410248ba1919f72cc01699aef0ea830N.exe
1452	c410248ba1919f72cc01699aef0ea830N.exe
620	c410248ba1919f72cc01699aef0ea830N.exe
620	c410248ba1919f72cc01699aef0ea830N.exe
1292	c410248ba1919f72cc01699aef0ea830N.exe
1292	c410248ba1919f72cc01699aef0ea830N.exe
2472	c410248ba1919f72cc01699aef0ea830N.exe
2472	c410248ba1919f72cc01699aef0ea830N.exe
1784	c410248ba1919f72cc01699aef0ea830N.exe
1784	c410248ba1919f72cc01699aef0ea830N.exe
1108	c410248ba1919f72cc01699aef0ea830N.exe
1108	c410248ba1919f72cc01699aef0ea830N.exe
1748	c410248ba1919f72cc01699aef0ea830N.exe
1748	c410248ba1919f72cc01699aef0ea830N.exe
1040	c410248ba1919f72cc01699aef0ea830N.exe
1040	c410248ba1919f72cc01699aef0ea830N.exe
1040	c410248ba1919f72cc01699aef0ea830N.exe
2316	c410248ba1919f72cc01699aef0ea830N.exe
2316	c410248ba1919f72cc01699aef0ea830N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2520	2168	c410248ba1919f72cc01699aef0ea830N.exe	31
PID 2168 wrote to memory of 2520	2168	c410248ba1919f72cc01699aef0ea830N.exe	31
PID 2168 wrote to memory of 2520	2168	c410248ba1919f72cc01699aef0ea830N.exe	31
PID 2168 wrote to memory of 2520	2168	c410248ba1919f72cc01699aef0ea830N.exe	31
PID 2520 wrote to memory of 2968	2520	c410248ba1919f72cc01699aef0ea830N.exe	32
PID 2520 wrote to memory of 2968	2520	c410248ba1919f72cc01699aef0ea830N.exe	32
PID 2520 wrote to memory of 2968	2520	c410248ba1919f72cc01699aef0ea830N.exe	32
PID 2520 wrote to memory of 2968	2520	c410248ba1919f72cc01699aef0ea830N.exe	32
PID 2168 wrote to memory of 2936	2168	c410248ba1919f72cc01699aef0ea830N.exe	33
PID 2168 wrote to memory of 2936	2168	c410248ba1919f72cc01699aef0ea830N.exe	33
PID 2168 wrote to memory of 2936	2168	c410248ba1919f72cc01699aef0ea830N.exe	33
PID 2168 wrote to memory of 2936	2168	c410248ba1919f72cc01699aef0ea830N.exe	33
PID 2968 wrote to memory of 1060	2968	c410248ba1919f72cc01699aef0ea830N.exe	34
PID 2968 wrote to memory of 1060	2968	c410248ba1919f72cc01699aef0ea830N.exe	34
PID 2968 wrote to memory of 1060	2968	c410248ba1919f72cc01699aef0ea830N.exe	34
PID 2968 wrote to memory of 1060	2968	c410248ba1919f72cc01699aef0ea830N.exe	34
PID 2936 wrote to memory of 1604	2936	c410248ba1919f72cc01699aef0ea830N.exe	35
PID 2936 wrote to memory of 1604	2936	c410248ba1919f72cc01699aef0ea830N.exe	35
PID 2936 wrote to memory of 1604	2936	c410248ba1919f72cc01699aef0ea830N.exe	35
PID 2936 wrote to memory of 1604	2936	c410248ba1919f72cc01699aef0ea830N.exe	35
PID 2520 wrote to memory of 2316	2520	c410248ba1919f72cc01699aef0ea830N.exe	36
PID 2520 wrote to memory of 2316	2520	c410248ba1919f72cc01699aef0ea830N.exe	36
PID 2520 wrote to memory of 2316	2520	c410248ba1919f72cc01699aef0ea830N.exe	36
PID 2520 wrote to memory of 2316	2520	c410248ba1919f72cc01699aef0ea830N.exe	36
PID 2168 wrote to memory of 2324	2168	c410248ba1919f72cc01699aef0ea830N.exe	37
PID 2168 wrote to memory of 2324	2168	c410248ba1919f72cc01699aef0ea830N.exe	37
PID 2168 wrote to memory of 2324	2168	c410248ba1919f72cc01699aef0ea830N.exe	37
PID 2168 wrote to memory of 2324	2168	c410248ba1919f72cc01699aef0ea830N.exe	37
PID 1060 wrote to memory of 2288	1060	c410248ba1919f72cc01699aef0ea830N.exe	38
PID 1060 wrote to memory of 2288	1060	c410248ba1919f72cc01699aef0ea830N.exe	38
PID 1060 wrote to memory of 2288	1060	c410248ba1919f72cc01699aef0ea830N.exe	38
PID 1060 wrote to memory of 2288	1060	c410248ba1919f72cc01699aef0ea830N.exe	38
PID 1604 wrote to memory of 1964	1604	c410248ba1919f72cc01699aef0ea830N.exe	39
PID 1604 wrote to memory of 1964	1604	c410248ba1919f72cc01699aef0ea830N.exe	39
PID 1604 wrote to memory of 1964	1604	c410248ba1919f72cc01699aef0ea830N.exe	39
PID 1604 wrote to memory of 1964	1604	c410248ba1919f72cc01699aef0ea830N.exe	39
PID 2968 wrote to memory of 1452	2968	c410248ba1919f72cc01699aef0ea830N.exe	40
PID 2968 wrote to memory of 1452	2968	c410248ba1919f72cc01699aef0ea830N.exe	40
PID 2968 wrote to memory of 1452	2968	c410248ba1919f72cc01699aef0ea830N.exe	40
PID 2968 wrote to memory of 1452	2968	c410248ba1919f72cc01699aef0ea830N.exe	40
PID 2316 wrote to memory of 1932	2316	c410248ba1919f72cc01699aef0ea830N.exe	41
PID 2316 wrote to memory of 1932	2316	c410248ba1919f72cc01699aef0ea830N.exe	41
PID 2316 wrote to memory of 1932	2316	c410248ba1919f72cc01699aef0ea830N.exe	41
PID 2316 wrote to memory of 1932	2316	c410248ba1919f72cc01699aef0ea830N.exe	41
PID 2520 wrote to memory of 620	2520	c410248ba1919f72cc01699aef0ea830N.exe	42
PID 2520 wrote to memory of 620	2520	c410248ba1919f72cc01699aef0ea830N.exe	42
PID 2520 wrote to memory of 620	2520	c410248ba1919f72cc01699aef0ea830N.exe	42
PID 2520 wrote to memory of 620	2520	c410248ba1919f72cc01699aef0ea830N.exe	42
PID 2936 wrote to memory of 1736	2936	c410248ba1919f72cc01699aef0ea830N.exe	43
PID 2936 wrote to memory of 1736	2936	c410248ba1919f72cc01699aef0ea830N.exe	43
PID 2936 wrote to memory of 1736	2936	c410248ba1919f72cc01699aef0ea830N.exe	43
PID 2936 wrote to memory of 1736	2936	c410248ba1919f72cc01699aef0ea830N.exe	43
PID 2324 wrote to memory of 1356	2324	c410248ba1919f72cc01699aef0ea830N.exe	44
PID 2324 wrote to memory of 1356	2324	c410248ba1919f72cc01699aef0ea830N.exe	44
PID 2324 wrote to memory of 1356	2324	c410248ba1919f72cc01699aef0ea830N.exe	44
PID 2324 wrote to memory of 1356	2324	c410248ba1919f72cc01699aef0ea830N.exe	44
PID 2168 wrote to memory of 828	2168	c410248ba1919f72cc01699aef0ea830N.exe	45
PID 2168 wrote to memory of 828	2168	c410248ba1919f72cc01699aef0ea830N.exe	45
PID 2168 wrote to memory of 828	2168	c410248ba1919f72cc01699aef0ea830N.exe	45
PID 2168 wrote to memory of 828	2168	c410248ba1919f72cc01699aef0ea830N.exe	45
PID 2288 wrote to memory of 2812	2288	c410248ba1919f72cc01699aef0ea830N.exe	46
PID 2288 wrote to memory of 2812	2288	c410248ba1919f72cc01699aef0ea830N.exe	46
PID 2288 wrote to memory of 2812	2288	c410248ba1919f72cc01699aef0ea830N.exe	46
PID 2288 wrote to memory of 2812	2288	c410248ba1919f72cc01699aef0ea830N.exe	46

C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
"C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
  "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2520
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        10⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        10⤵
        
        PID:18344
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:22716
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:19420
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:23292
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:20096
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:14892
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:20120
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:12588
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:23908
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:20184
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:23168
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:21772
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:17768
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:23084
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:12736
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:528
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:17900
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:17548
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:17720
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:20224
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:23072
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:11596
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:20160
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:22676
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:17684
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:21892
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:17784
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:19952
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:22252
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:21624
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:19920
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:20240
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:14724
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:17604
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:14236
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:17508
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:23104
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:20008
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:10788
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:14700
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:14236
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:156
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:19968
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:14332
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:20200
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:17484
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:18508
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:14788
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:14660
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:17876
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:11304
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:23200
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:12220
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:17600
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:17648
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:600
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:23920
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:17620
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:18492
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:23120
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:17540
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:20016
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:23160
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:20176
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:22208
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:17612
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:10168
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:17884
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:20104
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:14780
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:19936
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:23184
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:17728
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:18320
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:17596
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:14692
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:14708
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:10820
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:17672
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:19372
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:22336
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:20000
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:9084
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:17792
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:620
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:22200
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:20268
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:18292
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:23112
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:9624
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:19976
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:19992
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:12704
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:18540
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:21804
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:23208
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:17800
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:13444
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:19868
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:18336
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:18524
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:14732
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:21796
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:13468
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:19908
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:14276
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:19984
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:19876
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:9100
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:16400
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:14772
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:14308
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:10980
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:17588
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:7696
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:11876
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:21532
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:11636
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:21824
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:9108
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:14980
- C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
  "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        9⤵
        
        PID:23176
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:22236
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:14260
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:22244
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:20080
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:18564
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:18516
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        8⤵
        
        PID:21856
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:19944
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:19852
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:12756
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:23372
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:12396
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:20192
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:17892
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:12676
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:23152
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:23224
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:20276
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:15400
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:14764
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:14964
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:17852
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:23064
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:21868
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:18300
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:23232
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:10256
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:20024
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:10800
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:14348
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:8320
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:23136
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:23384
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:23216
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:17656
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:12620
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:17808
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:17760
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:20216
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:20168
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:20152
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:13968
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:19928
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:14356
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:19884
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:18532
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:23040
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:12228
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:8772
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:14244
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:17664
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:17824
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:10844
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:18328
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:12660
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:23392
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:11652
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:21816
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:9124
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:18368
- C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
  "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:17752
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        7⤵
        
        PID:18548
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:23432
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:14880
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:20144
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:18356
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:12604
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:23192
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:17556
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:10504
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:20052
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:23096
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:20232
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:17176
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:20252
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:21832
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:9140
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:17640
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:17252
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:17908
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:11372
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:20208
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:12420
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:2880
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:12380
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:2416
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:9116
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:17456
- C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
  "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:828
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:940
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:17776
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:17868
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:23128
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        6⤵
        
        PID:18500
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:11560
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:20136
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:572
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:9488
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:18308
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:20088
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:11328
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:23144
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:12712
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:6484
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:13500
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:10224
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:20112
- C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
  "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
  2⤵
  PID:1968
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:17068
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:14804
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:11008
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:17816
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:7392
    - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
        5⤵
        
        PID:17580
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:11320
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:20128
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:12404
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:22952
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:9648
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:19900
- C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
  "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
  2⤵
  PID:3288
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:8856
  - - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
      "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
      4⤵
      PID:14740
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:7340
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:11568
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:19960
- C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
  "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4440
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:7900
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:12728
- C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
  "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
  2⤵
  PID:6460
- - C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
    "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
    3⤵
    PID:15392
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 544
  2⤵
  - Program crash
  PID:7012
- C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe
  "C:\Users\Admin\AppData\Local\Temp\c410248ba1919f72cc01699aef0ea830N.exe"
  2⤵
  PID:10184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\gay licking (Sylvia).rar.exe

Filesize
198KB

MD5
72c94411e4a4ea729780eb2baa82d476

SHA1
a4157238c1bf451360aa8db191967de3e9f5ec40

SHA256
8440c78f890b4be1d65ae40a0a6fb816cb84fcb5c24d598d89ac9af0bf2423c2

SHA512
5a0379766c209419cbe4688d716bc66c525e1ca25298c8418f32c2483adc83d9ab1aad2aa2cac42226ad100d9604c0f055cfa4a92226bf55454f7ae8eed37e24

Download Submit
C:\debug.txt

Filesize
183B

MD5
72da178d52834d8dfe62de75d14740de

SHA1
7f6f8a18fe0e23ef0d75106ee53544f0b4b29321

SHA256
eefd234d4af6dd2987924a0a627f89ae5f4fcb06edfed7d7fe87344adaa4ad41

SHA512
5d290eb2bcc758d1c74695783a3ccdc22516901a526a24cf2dc88fcce8a7591d5ccfadc0b9da9dbe42d12bdce017c0f267d9e5c214b1cdf249be99f531df8505

Download Submit