b0edd3f465402a74feeb3cd75a898182bcd444fc13c1d3aee772153dbcaa89d7

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ecdb0f3366feb124acda02b48d73d4e0N.exe
Size

509KB
MD5

ecdb0f3366feb124acda02b48d73d4e0
SHA1

5e43ca762dcae770a0c246c19fa35b0dbff0c289
SHA256

b0edd3f465402a74feeb3cd75a898182bcd444fc13c1d3aee772153dbcaa89d7
SHA512

734b8f0490d6919b5356cc5eaa02f2fbc1aae8c0b416e2a81220d848a5e1fdd8baeab046033570d010ef1aab59e630fe354bca762282127d8a420c8f4641f450
SSDEEP

12288:JXCNi9Bis1sEj2WM68yL/I7eWuNgprugO7KH0Z7n9gx8K:sWxXjMHTtROez

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	ecdb0f3366feb124acda02b48d73d4e0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\S:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\T:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\W:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\I:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\J:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\O:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\R:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\U:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\V:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\X:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\Y:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\B:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\E:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\G:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\L:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\Z:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\P:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\Q:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\H:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\K:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\M:	ecdb0f3366feb124acda02b48d73d4e0N.exe
File opened (read-only)	\??\N:	ecdb0f3366feb124acda02b48d73d4e0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\gay beastiality voyeur (Janette,Ashley).avi.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\asian xxx [bangbus] .mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\chinese beastiality animal uncut .mpg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\SysWOW64\IME\shared\german porn big .rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\System32\DriverStore\Temp\swedish horse masturbation .zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian lesbian lesbian feet bondage (Sarah).mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\SysWOW64\IME\shared\american lingerie porn hidden legs .mpg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\xxx cum hot (!) pregnant .zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\beast [bangbus] titts (Sonja,Sonja).rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\beastiality hidden .zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\lingerie horse several models .rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Program Files\DVD Maker\Shared\lesbian kicking full movie .zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\fucking fetish girls fishy (Sonja,Britney).mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\russian beast cum [bangbus] ash .zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Program Files (x86)\Google\Temp\action beastiality [bangbus] boobs .rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\danish animal lesbian uncut leather (Samantha,Liz).avi.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\african porn blowjob hot (!) (Kathrin,Samantha).rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Program Files\Windows Journal\Templates\french gay porn girls redhair (Samantha,Sandy).zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\african beast cumshot [bangbus] gorgeoushorny .zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\african action lesbian public legs high heels .mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\blowjob sleeping .avi.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\fucking [free] (Jade).rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\blowjob hidden .rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake voyeur nipples stockings .rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\malaysia handjob sleeping shoes (Sarah,Sonja).rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\spanish cumshot public cock fishy .zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\black hardcore animal several models girly (Christine).avi.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\trambling bukkake hot (!) latex (Sonja).mpg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\Downloaded Program Files\german beastiality [free] 40+ (Samantha,Sonja).mpg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\security\templates\german sperm kicking full movie lady .avi.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\hardcore horse big ash .zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\cum sleeping .mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\swedish kicking trambling big (Janette,Anniston).mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\SoftwareDistribution\Download\russian hardcore fetish [free] (Sonja).rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\swedish animal sleeping (Anniston,Samantha).rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\blowjob catfight .avi.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\canadian fetish several models (Sarah).rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\black blowjob girls lady (Curtney).rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\Temp\brasilian sperm [bangbus] cock latex (Jade).rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\tyrkish fetish licking shoes .mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\russian gang bang porn sleeping cock shoes (Jade,Janette).mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\african cum gay voyeur .avi.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\swedish sperm hidden ejaculation .mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\animal voyeur (Liz).zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\fetish uncut bondage .mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\british kicking gay hidden ash leather (Sonja).mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\swedish gang bang hot (!) bondage .rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\lingerie nude full movie 50+ (Anniston,Anniston).rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\french blowjob action [free] glans .mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\italian horse girls nipples .avi.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\danish beastiality beastiality [milf] castration .zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\danish gang bang gang bang [bangbus] lady .avi.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\brasilian beastiality girls 40+ .avi.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\animal big (Sarah).zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\kicking voyeur titts shower (Gina,Samantha).zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\african fucking beast masturbation .zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\nude voyeur vagina .mpg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\brasilian animal fucking big young .mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\italian kicking beast catfight .rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\british gang bang several models vagina black hairunshaved .zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese porn horse girls penetration (Sandy,Curtney).zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\gay sleeping (Jade).mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\russian handjob lingerie several models hole bedroom .mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\tyrkish action horse catfight sweet .mpg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\danish bukkake sleeping hairy .zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\brasilian lesbian porn sleeping hole (Samantha).mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\kicking girls femdom (Kathrin).rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\blowjob cumshot hidden .mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\gay hardcore hot (!) balls .mpg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\danish gay kicking hidden traffic .rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\sperm trambling full movie ìï .avi.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\italian handjob handjob [bangbus] 50+ .avi.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\black action hot (!) blondie .rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\porn [free] (Jade,Curtney).zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\asian cumshot hidden young .zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\horse porn several models shower .avi.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\assembly\tmp\swedish xxx masturbation mature .zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\brasilian blowjob hot (!) hotel .avi.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\nude lingerie [bangbus] girly (Liz,Britney).mpg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\bukkake cum lesbian .mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\cum several models hairy .mpg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\french xxx horse hidden feet .rar.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\PLA\Templates\cum handjob voyeur .mpg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\italian hardcore fucking [bangbus] vagina boots .avi.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\german gay sleeping blondie .mpg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\lesbian girls feet sweet (Liz).zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\brasilian kicking public .avi.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\kicking lingerie licking hotel (Melissa,Sonja).zip.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\kicking uncut boobs .mpeg.exe	ecdb0f3366feb124acda02b48d73d4e0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3824	2716	WerFault.exe	29

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ecdb0f3366feb124acda02b48d73d4e0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2716	ecdb0f3366feb124acda02b48d73d4e0N.exe
2208	ecdb0f3366feb124acda02b48d73d4e0N.exe
2716	ecdb0f3366feb124acda02b48d73d4e0N.exe
1924	ecdb0f3366feb124acda02b48d73d4e0N.exe
2912	ecdb0f3366feb124acda02b48d73d4e0N.exe
2208	ecdb0f3366feb124acda02b48d73d4e0N.exe
2716	ecdb0f3366feb124acda02b48d73d4e0N.exe
948	ecdb0f3366feb124acda02b48d73d4e0N.exe
2848	ecdb0f3366feb124acda02b48d73d4e0N.exe
2900	ecdb0f3366feb124acda02b48d73d4e0N.exe
2836	ecdb0f3366feb124acda02b48d73d4e0N.exe
1924	ecdb0f3366feb124acda02b48d73d4e0N.exe
2912	ecdb0f3366feb124acda02b48d73d4e0N.exe
2208	ecdb0f3366feb124acda02b48d73d4e0N.exe
2716	ecdb0f3366feb124acda02b48d73d4e0N.exe
2916	ecdb0f3366feb124acda02b48d73d4e0N.exe
2036	ecdb0f3366feb124acda02b48d73d4e0N.exe
1760	ecdb0f3366feb124acda02b48d73d4e0N.exe
2332	ecdb0f3366feb124acda02b48d73d4e0N.exe
264	ecdb0f3366feb124acda02b48d73d4e0N.exe
948	ecdb0f3366feb124acda02b48d73d4e0N.exe
416	ecdb0f3366feb124acda02b48d73d4e0N.exe
2848	ecdb0f3366feb124acda02b48d73d4e0N.exe
2900	ecdb0f3366feb124acda02b48d73d4e0N.exe
1924	ecdb0f3366feb124acda02b48d73d4e0N.exe
2912	ecdb0f3366feb124acda02b48d73d4e0N.exe
2236	ecdb0f3366feb124acda02b48d73d4e0N.exe
2208	ecdb0f3366feb124acda02b48d73d4e0N.exe
2012	ecdb0f3366feb124acda02b48d73d4e0N.exe
2836	ecdb0f3366feb124acda02b48d73d4e0N.exe
2716	ecdb0f3366feb124acda02b48d73d4e0N.exe
3000	ecdb0f3366feb124acda02b48d73d4e0N.exe
1720	ecdb0f3366feb124acda02b48d73d4e0N.exe
1256	ecdb0f3366feb124acda02b48d73d4e0N.exe
3028	ecdb0f3366feb124acda02b48d73d4e0N.exe
2036	ecdb0f3366feb124acda02b48d73d4e0N.exe
1760	ecdb0f3366feb124acda02b48d73d4e0N.exe
1400	ecdb0f3366feb124acda02b48d73d4e0N.exe
2916	ecdb0f3366feb124acda02b48d73d4e0N.exe
1164	ecdb0f3366feb124acda02b48d73d4e0N.exe
944	ecdb0f3366feb124acda02b48d73d4e0N.exe
2096	ecdb0f3366feb124acda02b48d73d4e0N.exe
2848	ecdb0f3366feb124acda02b48d73d4e0N.exe
1020	ecdb0f3366feb124acda02b48d73d4e0N.exe
2912	ecdb0f3366feb124acda02b48d73d4e0N.exe
2332	ecdb0f3366feb124acda02b48d73d4e0N.exe
2208	ecdb0f3366feb124acda02b48d73d4e0N.exe
2208	ecdb0f3366feb124acda02b48d73d4e0N.exe
948	ecdb0f3366feb124acda02b48d73d4e0N.exe
948	ecdb0f3366feb124acda02b48d73d4e0N.exe
2900	ecdb0f3366feb124acda02b48d73d4e0N.exe
2900	ecdb0f3366feb124acda02b48d73d4e0N.exe
1036	ecdb0f3366feb124acda02b48d73d4e0N.exe
1036	ecdb0f3366feb124acda02b48d73d4e0N.exe
1652	ecdb0f3366feb124acda02b48d73d4e0N.exe
1652	ecdb0f3366feb124acda02b48d73d4e0N.exe
1924	ecdb0f3366feb124acda02b48d73d4e0N.exe
1924	ecdb0f3366feb124acda02b48d73d4e0N.exe
1552	ecdb0f3366feb124acda02b48d73d4e0N.exe
1552	ecdb0f3366feb124acda02b48d73d4e0N.exe
376	ecdb0f3366feb124acda02b48d73d4e0N.exe
376	ecdb0f3366feb124acda02b48d73d4e0N.exe
264	ecdb0f3366feb124acda02b48d73d4e0N.exe
264	ecdb0f3366feb124acda02b48d73d4e0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2208	2716	ecdb0f3366feb124acda02b48d73d4e0N.exe	30
PID 2716 wrote to memory of 2208	2716	ecdb0f3366feb124acda02b48d73d4e0N.exe	30
PID 2716 wrote to memory of 2208	2716	ecdb0f3366feb124acda02b48d73d4e0N.exe	30
PID 2716 wrote to memory of 2208	2716	ecdb0f3366feb124acda02b48d73d4e0N.exe	30
PID 2208 wrote to memory of 1924	2208	ecdb0f3366feb124acda02b48d73d4e0N.exe	31
PID 2208 wrote to memory of 1924	2208	ecdb0f3366feb124acda02b48d73d4e0N.exe	31
PID 2208 wrote to memory of 1924	2208	ecdb0f3366feb124acda02b48d73d4e0N.exe	31
PID 2208 wrote to memory of 1924	2208	ecdb0f3366feb124acda02b48d73d4e0N.exe	31
PID 2716 wrote to memory of 2912	2716	ecdb0f3366feb124acda02b48d73d4e0N.exe	32
PID 2716 wrote to memory of 2912	2716	ecdb0f3366feb124acda02b48d73d4e0N.exe	32
PID 2716 wrote to memory of 2912	2716	ecdb0f3366feb124acda02b48d73d4e0N.exe	32
PID 2716 wrote to memory of 2912	2716	ecdb0f3366feb124acda02b48d73d4e0N.exe	32
PID 1924 wrote to memory of 948	1924	ecdb0f3366feb124acda02b48d73d4e0N.exe	33
PID 1924 wrote to memory of 948	1924	ecdb0f3366feb124acda02b48d73d4e0N.exe	33
PID 1924 wrote to memory of 948	1924	ecdb0f3366feb124acda02b48d73d4e0N.exe	33
PID 1924 wrote to memory of 948	1924	ecdb0f3366feb124acda02b48d73d4e0N.exe	33
PID 2912 wrote to memory of 2848	2912	ecdb0f3366feb124acda02b48d73d4e0N.exe	34
PID 2912 wrote to memory of 2848	2912	ecdb0f3366feb124acda02b48d73d4e0N.exe	34
PID 2912 wrote to memory of 2848	2912	ecdb0f3366feb124acda02b48d73d4e0N.exe	34
PID 2912 wrote to memory of 2848	2912	ecdb0f3366feb124acda02b48d73d4e0N.exe	34
PID 2208 wrote to memory of 2900	2208	ecdb0f3366feb124acda02b48d73d4e0N.exe	35
PID 2208 wrote to memory of 2900	2208	ecdb0f3366feb124acda02b48d73d4e0N.exe	35
PID 2208 wrote to memory of 2900	2208	ecdb0f3366feb124acda02b48d73d4e0N.exe	35
PID 2208 wrote to memory of 2900	2208	ecdb0f3366feb124acda02b48d73d4e0N.exe	35
PID 2716 wrote to memory of 2836	2716	ecdb0f3366feb124acda02b48d73d4e0N.exe	36
PID 2716 wrote to memory of 2836	2716	ecdb0f3366feb124acda02b48d73d4e0N.exe	36
PID 2716 wrote to memory of 2836	2716	ecdb0f3366feb124acda02b48d73d4e0N.exe	36
PID 2716 wrote to memory of 2836	2716	ecdb0f3366feb124acda02b48d73d4e0N.exe	36
PID 948 wrote to memory of 2916	948	ecdb0f3366feb124acda02b48d73d4e0N.exe	37
PID 948 wrote to memory of 2916	948	ecdb0f3366feb124acda02b48d73d4e0N.exe	37
PID 948 wrote to memory of 2916	948	ecdb0f3366feb124acda02b48d73d4e0N.exe	37
PID 948 wrote to memory of 2916	948	ecdb0f3366feb124acda02b48d73d4e0N.exe	37
PID 2848 wrote to memory of 2036	2848	ecdb0f3366feb124acda02b48d73d4e0N.exe	38
PID 2848 wrote to memory of 2036	2848	ecdb0f3366feb124acda02b48d73d4e0N.exe	38
PID 2848 wrote to memory of 2036	2848	ecdb0f3366feb124acda02b48d73d4e0N.exe	38
PID 2848 wrote to memory of 2036	2848	ecdb0f3366feb124acda02b48d73d4e0N.exe	38
PID 2900 wrote to memory of 1760	2900	ecdb0f3366feb124acda02b48d73d4e0N.exe	39
PID 2900 wrote to memory of 1760	2900	ecdb0f3366feb124acda02b48d73d4e0N.exe	39
PID 2900 wrote to memory of 1760	2900	ecdb0f3366feb124acda02b48d73d4e0N.exe	39
PID 2900 wrote to memory of 1760	2900	ecdb0f3366feb124acda02b48d73d4e0N.exe	39
PID 1924 wrote to memory of 416	1924	ecdb0f3366feb124acda02b48d73d4e0N.exe	40
PID 1924 wrote to memory of 416	1924	ecdb0f3366feb124acda02b48d73d4e0N.exe	40
PID 1924 wrote to memory of 416	1924	ecdb0f3366feb124acda02b48d73d4e0N.exe	40
PID 1924 wrote to memory of 416	1924	ecdb0f3366feb124acda02b48d73d4e0N.exe	40
PID 2912 wrote to memory of 2332	2912	ecdb0f3366feb124acda02b48d73d4e0N.exe	41
PID 2912 wrote to memory of 2332	2912	ecdb0f3366feb124acda02b48d73d4e0N.exe	41
PID 2912 wrote to memory of 2332	2912	ecdb0f3366feb124acda02b48d73d4e0N.exe	41
PID 2912 wrote to memory of 2332	2912	ecdb0f3366feb124acda02b48d73d4e0N.exe	41
PID 2208 wrote to memory of 264	2208	ecdb0f3366feb124acda02b48d73d4e0N.exe	42
PID 2208 wrote to memory of 264	2208	ecdb0f3366feb124acda02b48d73d4e0N.exe	42
PID 2208 wrote to memory of 264	2208	ecdb0f3366feb124acda02b48d73d4e0N.exe	42
PID 2208 wrote to memory of 264	2208	ecdb0f3366feb124acda02b48d73d4e0N.exe	42
PID 2836 wrote to memory of 2012	2836	ecdb0f3366feb124acda02b48d73d4e0N.exe	43
PID 2836 wrote to memory of 2012	2836	ecdb0f3366feb124acda02b48d73d4e0N.exe	43
PID 2836 wrote to memory of 2012	2836	ecdb0f3366feb124acda02b48d73d4e0N.exe	43
PID 2836 wrote to memory of 2012	2836	ecdb0f3366feb124acda02b48d73d4e0N.exe	43
PID 2716 wrote to memory of 2236	2716	ecdb0f3366feb124acda02b48d73d4e0N.exe	44
PID 2716 wrote to memory of 2236	2716	ecdb0f3366feb124acda02b48d73d4e0N.exe	44
PID 2716 wrote to memory of 2236	2716	ecdb0f3366feb124acda02b48d73d4e0N.exe	44
PID 2716 wrote to memory of 2236	2716	ecdb0f3366feb124acda02b48d73d4e0N.exe	44
PID 2916 wrote to memory of 3000	2916	ecdb0f3366feb124acda02b48d73d4e0N.exe	45
PID 2916 wrote to memory of 3000	2916	ecdb0f3366feb124acda02b48d73d4e0N.exe	45
PID 2916 wrote to memory of 3000	2916	ecdb0f3366feb124acda02b48d73d4e0N.exe	45
PID 2916 wrote to memory of 3000	2916	ecdb0f3366feb124acda02b48d73d4e0N.exe	45

C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
"C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2208
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:948
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        10⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        10⤵
        
        PID:20276
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        9⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        9⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        9⤵
        
        PID:17868
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        9⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        9⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        9⤵
        
        PID:18156
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:20268
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:14252
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:24024
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:24248
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:21208
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:20160
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:23816
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:16148
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:23700
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:20184
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:24040
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:18180
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:22696
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:16164
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:22664
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:24160
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:24048
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:10968
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:23728
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6664
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:416
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:21240
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:20240
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:23808
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:17600
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:16664
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:9564
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:17476
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:24120
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:10984
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:23664
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:17592
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:24080
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:23776
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:23752
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:10036
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:20228
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:23720
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:23672
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:10480
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:18164
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:17608
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:25008
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:8384
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:16540
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        9⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        9⤵
        
        PID:16640
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        9⤵
        
        PID:23840
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:20168
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:16604
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:23824
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:16356
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:17584
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:14264
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:16240
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:10520
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:16568
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:24176
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:17468
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:22720
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:10020
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:19816
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:24088
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:21232
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:13232
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:16312
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:16204
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:17660
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:19548
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:10936
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:23744
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:10324
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:24008
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:15440
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:264
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:11888
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:21256
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:16632
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:24168
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:23856
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:16500
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:24784
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:14240
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:24976
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:17688
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:17668
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:25364
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:24776
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:8328
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:13024
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:19636
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:2268
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1020
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:16552
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:24240
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:23592
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:6328
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:10268
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:19824
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:20176
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:23792
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:15512
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:23832
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:9600
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:21276
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:5576
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:8220
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:12176
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:2368
- C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2912
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        9⤵
        
        PID:24400
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:23636
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:24072
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:19804
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:20256
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        8⤵
        
        PID:24128
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:19556
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:15452
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:23708
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:23768
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:16612
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:24152
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:21224
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:16484
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:24000
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:23736
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:12988
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:20024
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:25000
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:20152
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:24112
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:20220
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:16196
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:10588
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:8040
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:12424
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:20208
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:22752
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:17492
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:23692
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:24016
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:23864
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:24136
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:22772
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:24104
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:13096
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:13420
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:16624
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:24184
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1164
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:17572
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:15548
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:13204
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:11316
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:24032
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:23684
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:8988
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:13132
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:24096
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:10296
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:18172
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:20192
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:9784
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:13040
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:16276
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:11728
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:7752
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:10512
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:20284
- C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2836
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:376
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        7⤵
        
        PID:23872
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:14216
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:23848
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:24056
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:16508
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:9548
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:17500
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:12200
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:21264
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:11392
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:22764
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:13004
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:16348
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:16672
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:21216
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:24064
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:9420
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:16340
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:7092
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:9580
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:17516
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:8132
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:14224
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:6748
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:6376
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:10004
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:17548
- C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2236
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:9244
      - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        6⤵
        
        PID:16084
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:12184
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:22656
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:23760
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:10028
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:13080
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:24144
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:22704
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:9392
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:22736
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:7216
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:12360
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:20248
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:6252
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:10276
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:16304
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:24768
- C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
  2⤵
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
        5⤵
        
        PID:13164
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:9368
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:22792
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:7668
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:13148
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:10244
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:16332
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:11784
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:9256
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:16212
- C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
  2⤵
  PID:3076
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:9492
  - - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
      "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
      4⤵
      PID:19460
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:7068
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:9532
- - C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
    3⤵
    PID:17508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 724
  2⤵
  - Program crash
  PID:3824
- C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\ecdb0f3366feb124acda02b48d73d4e0N.exe"
  2⤵
  PID:4216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake voyeur nipples stockings .rar.exe

Filesize
878KB

MD5
5baf949eadb550f551c2edc3a74167cd

SHA1
80fae88b5d28658bbe857eb1727a0b34274d28b2

SHA256
6adfb2291f18a2e501d8963a35c71ebb42560b046d83b66ae953d2bea1f95d43

SHA512
806914695586162f28c8f8c88501db20b0901be821aa6232ebe15f5960e975147313d0375f5279b66edd761f89f560f2c3354c28bab73631c0212c8ec668c16e

Download Submit
C:\debug.txt

Filesize
183B

MD5
580550a2ac2a2c69839112387c8e0df1

SHA1
69b0ea6952c73502c0ff873de19b41e28a5892a5

SHA256
64f01b9f534199bd836c0a6e0ab4ad43e337b1bd87e3ac3ea9fda20539bd76b0

SHA512
1b6202ce36abbdf5aefd14171e53f4759344405677f6abb33e68108cc5b7036f959ece08fd85c34e42eb723daf588980030fb57b0cafb118f89a4851e42480f6

Download Submit