7f3189de71aaa525e42941cf26fcb6d69caddf347e6fc4774c32ef10ef55c194

Analysis

max time kernel
117s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 06:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

11fbbc8979cfcb34c6cfed92bc22a830N.exe
Size

2.0MB
MD5

11fbbc8979cfcb34c6cfed92bc22a830
SHA1

e627e9577025b9797e46d22b0245b474f59db701
SHA256

7f3189de71aaa525e42941cf26fcb6d69caddf347e6fc4774c32ef10ef55c194
SHA512

23fcdbd3a3e59fd9cbb744866e0726f03233c9dccb01dac93174738915919c358ffeadfb3471476f22d7a2cc400d4892d13f04f059c5ee543562304a1060af83
SSDEEP

49152:VEiunRyf/H5+OHo5gysMK3sxeNGsWgG0snM:OxOI50FNmcsnM

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	11fbbc8979cfcb34c6cfed92bc22a830N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	11fbbc8979cfcb34c6cfed92bc22a830N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	11fbbc8979cfcb34c6cfed92bc22a830N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	11fbbc8979cfcb34c6cfed92bc22a830N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	11fbbc8979cfcb34c6cfed92bc22a830N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	11fbbc8979cfcb34c6cfed92bc22a830N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	11fbbc8979cfcb34c6cfed92bc22a830N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\G:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\L:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\N:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\O:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\P:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\U:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\V:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\B:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\H:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\I:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\J:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\R:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\Y:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\K:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\T:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\W:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\X:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\A:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\E:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\M:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\Q:	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File opened (read-only)	\??\S:	11fbbc8979cfcb34c6cfed92bc22a830N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\danish horse gay uncut titts (Kathrin,Liz).mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\System32\DriverStore\Temp\american nude blowjob [bangbus] .mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\hardcore voyeur .zip.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\italian gang bang bukkake sleeping bedroom (Christine,Karin).mpeg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\russian action trambling [bangbus] (Janette).zip.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\SysWOW64\FxsTmp\chinese lesbian full movie .zip.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black beastiality beast sleeping (Sarah).mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian gang bang bukkake hidden (Jade).zip.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\SysWOW64\FxsTmp\japanese beastiality bukkake hidden (Tatjana).mpeg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\hardcore uncut ash .mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish cumshot xxx [free] .rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish animal lesbian full movie shower (Anniston,Sarah).mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lingerie big hole .zip.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\spanish lingerie several models feet upskirt .rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\horse voyeur glans shower .mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files (x86)\Google\Temp\tyrkish porn hardcore uncut feet (Jenna,Tatjana).rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU99A0.tmp\american animal hardcore masturbation feet .mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\indian action hardcore [free] high heels .avi.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\beast uncut hole \Û (Liz).rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\japanese nude horse masturbation sweet (Ashley,Samantha).mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\american fetish hardcore hidden .rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\swedish beastiality lingerie sleeping girly .zip.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish beastiality beast full movie pregnant .rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files\Common Files\microsoft shared\tyrkish action bukkake uncut boots .zip.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\brasilian animal xxx lesbian 40+ .avi.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\tyrkish kicking fucking licking hole .avi.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian hot (!) sweet .rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\spanish xxx hidden .zip.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files\dotnet\shared\brasilian action sperm lesbian hole traffic .rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files (x86)\Google\Update\Download\tyrkish horse beast masturbation (Tatjana).rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\russian animal fucking big glans shower .mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe

Drops file in Windows directory 37 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\italian animal hardcore full movie titts ejaculation .mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\SoftwareDistribution\Download\japanese horse lesbian public Ôï .avi.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\norwegian hardcore licking hole .rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\indian animal lingerie girls hotel .avi.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\assembly\temp\russian beastiality hardcore big blondie .mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian gang bang gay girls glans .avi.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\hardcore masturbation .mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\french beast sleeping hole sweet .avi.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\mssrv.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\brasilian cumshot hardcore [bangbus] mature .mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\danish cum bukkake big feet pregnant (Tatjana).mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\gay several models feet castration .zip.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\indian animal horse several models glans beautyfull .mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse girls bedroom .avi.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\beast [bangbus] cock pregnant .rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\swedish handjob horse sleeping feet fishy .avi.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\tyrkish porn bukkake [bangbus] cock beautyfull (Melissa).mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\trambling lesbian mistress .rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\Downloaded Program Files\danish horse fucking licking femdom .rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\swedish nude xxx [bangbus] .rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\horse uncut feet .rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\black cum xxx uncut (Sylvia).avi.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\horse masturbation cock ejaculation (Samantha).mpeg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\malaysia bukkake girls titts wifey (Curtney).avi.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\assembly\tmp\beast [free] sweet .mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\security\templates\trambling catfight (Curtney).mpeg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\german hardcore uncut shoes .mpeg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\russian kicking sperm uncut feet redhair .mpeg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\CbsTemp\gay sleeping stockings (Ashley,Tatjana).rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\chinese trambling catfight .mpg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\blowjob uncut bondage .rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\italian action trambling masturbation glans mature .zip.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\indian beastiality sperm [bangbus] hole circumcision (Melissa).rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\InputMethod\SHARED\brasilian action gay full movie cock leather .zip.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\PLA\Templates\japanese animal horse licking .avi.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\blowjob sleeping blondie .rar.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\italian fetish beast sleeping swallow (Christine,Liz).mpeg.exe	11fbbc8979cfcb34c6cfed92bc22a830N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	11fbbc8979cfcb34c6cfed92bc22a830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	11fbbc8979cfcb34c6cfed92bc22a830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	11fbbc8979cfcb34c6cfed92bc22a830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	11fbbc8979cfcb34c6cfed92bc22a830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	11fbbc8979cfcb34c6cfed92bc22a830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	11fbbc8979cfcb34c6cfed92bc22a830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	11fbbc8979cfcb34c6cfed92bc22a830N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	11fbbc8979cfcb34c6cfed92bc22a830N.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
2052	11fbbc8979cfcb34c6cfed92bc22a830N.exe
2052	11fbbc8979cfcb34c6cfed92bc22a830N.exe
2928	11fbbc8979cfcb34c6cfed92bc22a830N.exe
2928	11fbbc8979cfcb34c6cfed92bc22a830N.exe
2052	11fbbc8979cfcb34c6cfed92bc22a830N.exe
2052	11fbbc8979cfcb34c6cfed92bc22a830N.exe
3868	11fbbc8979cfcb34c6cfed92bc22a830N.exe
3868	11fbbc8979cfcb34c6cfed92bc22a830N.exe
2928	11fbbc8979cfcb34c6cfed92bc22a830N.exe
2928	11fbbc8979cfcb34c6cfed92bc22a830N.exe
3188	11fbbc8979cfcb34c6cfed92bc22a830N.exe
3188	11fbbc8979cfcb34c6cfed92bc22a830N.exe
2052	11fbbc8979cfcb34c6cfed92bc22a830N.exe
2052	11fbbc8979cfcb34c6cfed92bc22a830N.exe
1400	11fbbc8979cfcb34c6cfed92bc22a830N.exe
1400	11fbbc8979cfcb34c6cfed92bc22a830N.exe
2928	11fbbc8979cfcb34c6cfed92bc22a830N.exe
2928	11fbbc8979cfcb34c6cfed92bc22a830N.exe
3700	11fbbc8979cfcb34c6cfed92bc22a830N.exe
3700	11fbbc8979cfcb34c6cfed92bc22a830N.exe
3868	11fbbc8979cfcb34c6cfed92bc22a830N.exe
3868	11fbbc8979cfcb34c6cfed92bc22a830N.exe
512	11fbbc8979cfcb34c6cfed92bc22a830N.exe
512	11fbbc8979cfcb34c6cfed92bc22a830N.exe
4256	11fbbc8979cfcb34c6cfed92bc22a830N.exe
4256	11fbbc8979cfcb34c6cfed92bc22a830N.exe

Suspicious use of WriteProcessMemory 33 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2928	2052	11fbbc8979cfcb34c6cfed92bc22a830N.exe	96
PID 2052 wrote to memory of 2928	2052	11fbbc8979cfcb34c6cfed92bc22a830N.exe	96
PID 2052 wrote to memory of 2928	2052	11fbbc8979cfcb34c6cfed92bc22a830N.exe	96
PID 2928 wrote to memory of 3868	2928	11fbbc8979cfcb34c6cfed92bc22a830N.exe	99
PID 2928 wrote to memory of 3868	2928	11fbbc8979cfcb34c6cfed92bc22a830N.exe	99
PID 2928 wrote to memory of 3868	2928	11fbbc8979cfcb34c6cfed92bc22a830N.exe	99
PID 2052 wrote to memory of 3188	2052	11fbbc8979cfcb34c6cfed92bc22a830N.exe	100
PID 2052 wrote to memory of 3188	2052	11fbbc8979cfcb34c6cfed92bc22a830N.exe	100
PID 2052 wrote to memory of 3188	2052	11fbbc8979cfcb34c6cfed92bc22a830N.exe	100
PID 2928 wrote to memory of 1400	2928	11fbbc8979cfcb34c6cfed92bc22a830N.exe	103
PID 2928 wrote to memory of 1400	2928	11fbbc8979cfcb34c6cfed92bc22a830N.exe	103
PID 2928 wrote to memory of 1400	2928	11fbbc8979cfcb34c6cfed92bc22a830N.exe	103
PID 3868 wrote to memory of 3700	3868	11fbbc8979cfcb34c6cfed92bc22a830N.exe	104
PID 3868 wrote to memory of 3700	3868	11fbbc8979cfcb34c6cfed92bc22a830N.exe	104
PID 3868 wrote to memory of 3700	3868	11fbbc8979cfcb34c6cfed92bc22a830N.exe	104
PID 2052 wrote to memory of 512	2052	11fbbc8979cfcb34c6cfed92bc22a830N.exe	105
PID 2052 wrote to memory of 512	2052	11fbbc8979cfcb34c6cfed92bc22a830N.exe	105
PID 2052 wrote to memory of 512	2052	11fbbc8979cfcb34c6cfed92bc22a830N.exe	105
PID 3188 wrote to memory of 4256	3188	11fbbc8979cfcb34c6cfed92bc22a830N.exe	106
PID 3188 wrote to memory of 4256	3188	11fbbc8979cfcb34c6cfed92bc22a830N.exe	106
PID 3188 wrote to memory of 4256	3188	11fbbc8979cfcb34c6cfed92bc22a830N.exe	106
PID 1400 wrote to memory of 224	1400	11fbbc8979cfcb34c6cfed92bc22a830N.exe	108
PID 1400 wrote to memory of 224	1400	11fbbc8979cfcb34c6cfed92bc22a830N.exe	108
PID 1400 wrote to memory of 224	1400	11fbbc8979cfcb34c6cfed92bc22a830N.exe	108
PID 2928 wrote to memory of 2596	2928	11fbbc8979cfcb34c6cfed92bc22a830N.exe	109
PID 2928 wrote to memory of 2596	2928	11fbbc8979cfcb34c6cfed92bc22a830N.exe	109
PID 2928 wrote to memory of 2596	2928	11fbbc8979cfcb34c6cfed92bc22a830N.exe	109
PID 3868 wrote to memory of 4124	3868	11fbbc8979cfcb34c6cfed92bc22a830N.exe	110
PID 3868 wrote to memory of 4124	3868	11fbbc8979cfcb34c6cfed92bc22a830N.exe	110
PID 3868 wrote to memory of 4124	3868	11fbbc8979cfcb34c6cfed92bc22a830N.exe	110
PID 3700 wrote to memory of 768	3700	11fbbc8979cfcb34c6cfed92bc22a830N.exe	111
PID 3700 wrote to memory of 768	3700	11fbbc8979cfcb34c6cfed92bc22a830N.exe	111
PID 3700 wrote to memory of 768	3700	11fbbc8979cfcb34c6cfed92bc22a830N.exe	111

C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
"C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2928
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        8⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        9⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        8⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        8⤵
        
        PID:18004
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        8⤵
        
        PID:25016
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        8⤵
        
        PID:16748
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        8⤵
        
        PID:23612
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        8⤵
        
        PID:23776
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        8⤵
        
        PID:20204
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:17396
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:24052
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:19000
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        8⤵
        
        PID:14380
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        8⤵
        
        PID:20844
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        8⤵
        
        PID:21756
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:20784
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:18012
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:24988
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:15420
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:17924
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:16756
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:14964
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:18916
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:12528
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:17404
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:14912
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        8⤵
        
        PID:20212
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:16984
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:14876
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:20828
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:22668
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:14356
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:14724
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:20908
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:10020
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:12948
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:19736
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:20032
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:14024
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:19184
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:12800
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:17588
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:24504
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:18924
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:12688
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:17572
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:16908
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:20820
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:10088
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:17932
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:7344
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:20012
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:18940
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:12680
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:16812
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:1896
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:224
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        8⤵
        
        PID:15884
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        8⤵
        
        PID:22520
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        8⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:21380
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:20792
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:17564
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:24588
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:18260
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:20960
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:12884
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:17624
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:24520
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:18064
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:18908
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:12976
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:18376
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:18160
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:25352
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:20836
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:17940
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:17024
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:17432
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:14928
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:18620
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:25540
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:16788
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:14780
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:18900
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:17388
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:16780
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:13768
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:19440
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:12672
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:17476
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:24132
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:17996
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:17248
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:16560
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:13388
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:20640
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:10336
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:21764
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:20020
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:20852
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:21788
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:13184
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:19008
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:12812
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:17596
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:24768
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:20196
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:12828
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:17988
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:25384
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:976
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:25408
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:16552
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:23400
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:18884
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:12452
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:25516
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:13892
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:18932
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:12600
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:17580
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:24512
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:16996
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:14040
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:9248
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:20576
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:12584
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:17484
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:11892
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:16804
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:23632
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:9200
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:18072
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:12460
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:17424
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:14824
- C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3188
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        8⤵
        
        PID:23836
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:16580
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:23420
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:18136
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:25276
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:25508
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:16616
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:23232
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:14884
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:21260
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:15476
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:22796
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:15440
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:6956
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:11884
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:16740
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:17980
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:25400
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:15956
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:18032
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:20860
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:17948
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:16652
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:15460
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:7924
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:9976
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:14120
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:19448
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:22936
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:16004
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:21820
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:18168
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:25520
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:16724
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:13576
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:21576
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:19860
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:22512
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:11200
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:22868
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:15196
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:6020
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:11636
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:25368
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:15948
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:9732
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:17632
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:24744
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:25392
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:16608
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:2764
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:9048
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:18128
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:25360
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:25532
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:13560
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:14348
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:20516
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:22656
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:14128
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:1132
- C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:512
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        7⤵
        
        PID:22500
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:14300
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:20220
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:24000
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:23784
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:22484
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:22628
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:14892
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:20952
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:22636
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:14708
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:21224
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:20968
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:17956
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:16564
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:23412
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:22644
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:15468
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:6072
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:18876
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:25376
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:16412
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:22612
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:14292
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:4496
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:10164
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:21780
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:14100
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:19204
- C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
  2⤵
  PID:2412
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        6⤵
        
        PID:17264
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:22916
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:18152
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:12252
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:16764
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:23828
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:6680
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:19868
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:13016
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:17964
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:25336
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:8560
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:16064
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:22492
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:11208
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:23332
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:15452
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:6892
- C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
  2⤵
  PID:5376
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
        5⤵
        
        PID:22620
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:14852
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:5200
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:16588
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:23428
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:11408
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:22940
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:15920
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:22184
- C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
  2⤵
  PID:6316
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:844
  - - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
      4⤵
      PID:18892
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:12484
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:17740
- C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
  2⤵
  PID:8048
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:15184
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:6608
- C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
  2⤵
  PID:10872
- - C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
    3⤵
    PID:22928
- C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
  2⤵
  PID:14900
- C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\11fbbc8979cfcb34c6cfed92bc22a830N.exe"
  2⤵
  PID:21156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4400,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:8
1⤵
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lingerie big hole .zip.exe

Filesize
259KB

MD5
6d1caa83085da54c8e9cb1d0250bb11e

SHA1
d64c87c280158c22d58f3996acc963aa8ffcc481

SHA256
c9454da0f175d46d4caeba9b1ee33f5e0f79762162705c58099209ea38e1f171

SHA512
0c0c5c028e4699586c957b5d5bd6d15afd1b60a39380234d3eb8306dfa40fa96f479b9bc91859e36526c590fc53860bb3851b1e9df652c699d3a1dd403d8f9bf

Download Submit