99a9b42aadea2737bce25dbe3fdef11fc18d43beab92d3666986be9435b1d7ba

Analysis

max time kernel
24s
max time network
91s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 22:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Size

1.3MB
MD5

1e51fc2cc100ddb51b869c6ff81db7d0
SHA1

908ddc25bbd2e0f9431dd70c3b0a75ed249d69f5
SHA256

99a9b42aadea2737bce25dbe3fdef11fc18d43beab92d3666986be9435b1d7ba
SHA512

b2a6a7676368ab9d68574bc6329259cdc1b0da54a9b69df053eb0ab587f0b51836d969baf22642e9e1905aeb75779f5c04d30943fb512279dd5c517a84ee3712
SSDEEP

24576:2wCZiJyQ5Q+h5Abc628M1U7WC6GZj2h6rk+0bEYzm+tHrNX6ndlRFdgmeFJ:hCZki4D8RWNGBNbOEEm+tHV6rRFdgmeT

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	1e51fc2cc100ddb51b869c6ff81db7d0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\B:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\E:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\M:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\S:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\V:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\W:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\G:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\J:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\K:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\T:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\X:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\A:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\H:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\L:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\N:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\Q:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\R:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\I:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\O:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\P:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\U:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File opened (read-only)	\??\Y:	1e51fc2cc100ddb51b869c6ff81db7d0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\horse several models hole 40+ .avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\gang bang voyeur ash (Sylvia,Sonja).rar.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\nude action [milf] cock .mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\handjob action voyeur leather .mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish animal lesbian public feet latex (Sarah,Sarah).avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\SysWOW64\IME\shared\lesbian horse catfight circumcision .mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\african hardcore trambling masturbation glans (Gina).mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\german lesbian masturbation circumcision .mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\SysWOW64\IME\shared\swedish bukkake big ash ejaculation (Sandy).zip.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\xxx beastiality hidden nipples .mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\action horse big vagina .zip.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\gay [bangbus] .rar.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Program Files\DVD Maker\Shared\xxx handjob voyeur .zip.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\african animal beast licking shoes (Sarah).mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\asian hardcore lesbian several models nipples (Britney).mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Program Files (x86)\Google\Temp\fucking voyeur lady .zip.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\american hardcore public .rar.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\african fucking fetish voyeur balls .zip.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\indian lingerie masturbation .zip.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\german fetish cum [bangbus] .rar.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\japanese porn uncut castration (Christine).avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\russian kicking sleeping ash 50+ .avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\beast trambling uncut .avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Program Files\Windows Journal\Templates\german horse girls .avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\trambling trambling hidden hole YEâPSè& .mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\porn lesbian hotel .zip.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\gang bang lesbian ash YEâPSè& (Jenna,Sonja).zip.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\black gang bang voyeur hole 50+ (Curtney,Curtney).mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\indian fucking lesbian beautyfull .mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\fucking [milf] sm .mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\nude hot (!) .avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\gang bang porn girls .mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\lesbian [milf] pregnant .mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\malaysia beastiality hidden high heels .rar.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\american cum hot (!) .mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\russian beast sleeping stockings .mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\cum sleeping legs (Sonja).zip.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\lingerie blowjob hidden legs .avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\fucking [milf] lady .mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse trambling lesbian .zip.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\russian nude hardcore girls vagina hairy (Britney,Curtney).rar.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\spanish horse gang bang licking .mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\canadian lesbian [free] .avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\malaysia sperm beast sleeping hotel (Gina,Samantha).mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\british lesbian public shower .mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\asian fucking several models high heels .mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\danish cum bukkake big (Sarah,Sarah).avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\african porn fucking full movie (Sandy).rar.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\fetish hot (!) pregnant .avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\lingerie full movie hole upskirt (Sonja).rar.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\canadian trambling girls castration .avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\german xxx hot (!) .mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\PLA\Templates\asian blowjob handjob [milf] pregnant .mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\african animal blowjob [bangbus] blondie (Liz).mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\cum horse hidden .zip.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\lingerie big glans traffic .rar.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\security\templates\xxx fetish big penetration (Melissa).mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\norwegian horse gang bang catfight beautyfull .mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\asian sperm catfight .mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\cum animal full movie ash ash .mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\canadian cum cumshot big bondage (Kathrin,Samantha).mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese horse full movie redhair (Gina).mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\british kicking girls legs beautyfull (Samantha,Liz).zip.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\fucking lesbian full movie .mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\russian gay licking (Liz,Janette).rar.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\cum [milf] .avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\african action hot (!) latex (Sarah,Ashley).rar.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\action big shower .rar.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\canadian horse girls (Sonja,Anniston).mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\kicking several models .zip.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\xxx voyeur YEâPSè& .mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\german nude voyeur cock stockings .avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\fucking porn big pregnant (Sonja,Sandy).mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\gay several models hairy .mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\bukkake lesbian nipples .mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\cumshot nude full movie .mpg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\cumshot nude hidden ìï .rar.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\american trambling porn [free] ash .avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\french kicking cumshot girls gorgeoushorny .mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\spanish sperm beast big young (Ashley,Janette).avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\british fucking public redhair (Melissa).mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\spanish kicking gang bang masturbation legs ash .mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\porn hardcore [bangbus] feet gorgeoushorny .avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\indian blowjob sleeping hole (Christine,Kathrin).mpeg.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\german cum bukkake girls cock wifey .zip.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\kicking gang bang girls shower (Gina).avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\chinese beast [milf] vagina sm .avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\black fucking nude girls balls (Sonja,Jenna).avi.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\handjob several models boobs bondage .rar.exe	1e51fc2cc100ddb51b869c6ff81db7d0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1e51fc2cc100ddb51b869c6ff81db7d0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2972	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2660	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
3044	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2972	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2016	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
580	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
1412	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2660	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
856	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
3044	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2972	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2336	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
1276	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2404	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2016	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2496	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2036	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
1028	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
580	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
300	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2660	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
1412	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2904	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
856	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
3044	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2972	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2452	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2084	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
1632	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2568	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2336	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
1484	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
1276	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
1776	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2992	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2016	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2404	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
3000	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
3000	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
960	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
960	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
580	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
580	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2496	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2496	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
1508	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
1508	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
1060	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
1060	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
1028	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
1028	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
916	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
916	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2036	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2660	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2036	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
2660	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
1412	1e51fc2cc100ddb51b869c6ff81db7d0N.exe
1412	1e51fc2cc100ddb51b869c6ff81db7d0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2972	2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	30
PID 2976 wrote to memory of 2972	2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	30
PID 2976 wrote to memory of 2972	2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	30
PID 2976 wrote to memory of 2972	2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	30
PID 2972 wrote to memory of 2660	2972	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	31
PID 2972 wrote to memory of 2660	2972	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	31
PID 2972 wrote to memory of 2660	2972	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	31
PID 2972 wrote to memory of 2660	2972	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	31
PID 2976 wrote to memory of 3044	2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	32
PID 2976 wrote to memory of 3044	2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	32
PID 2976 wrote to memory of 3044	2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	32
PID 2976 wrote to memory of 3044	2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	32
PID 2660 wrote to memory of 2016	2660	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	33
PID 2660 wrote to memory of 2016	2660	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	33
PID 2660 wrote to memory of 2016	2660	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	33
PID 2660 wrote to memory of 2016	2660	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	33
PID 3044 wrote to memory of 580	3044	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	34
PID 3044 wrote to memory of 580	3044	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	34
PID 3044 wrote to memory of 580	3044	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	34
PID 3044 wrote to memory of 580	3044	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	34
PID 2972 wrote to memory of 1412	2972	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	35
PID 2972 wrote to memory of 1412	2972	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	35
PID 2972 wrote to memory of 1412	2972	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	35
PID 2972 wrote to memory of 1412	2972	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	35
PID 2976 wrote to memory of 856	2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	36
PID 2976 wrote to memory of 856	2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	36
PID 2976 wrote to memory of 856	2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	36
PID 2976 wrote to memory of 856	2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	36
PID 2016 wrote to memory of 2336	2016	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	37
PID 2016 wrote to memory of 2336	2016	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	37
PID 2016 wrote to memory of 2336	2016	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	37
PID 2016 wrote to memory of 2336	2016	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	37
PID 580 wrote to memory of 1276	580	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	38
PID 580 wrote to memory of 1276	580	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	38
PID 580 wrote to memory of 1276	580	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	38
PID 580 wrote to memory of 1276	580	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	38
PID 2660 wrote to memory of 2404	2660	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	39
PID 2660 wrote to memory of 2404	2660	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	39
PID 2660 wrote to memory of 2404	2660	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	39
PID 2660 wrote to memory of 2404	2660	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	39
PID 1412 wrote to memory of 2496	1412	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	40
PID 1412 wrote to memory of 2496	1412	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	40
PID 1412 wrote to memory of 2496	1412	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	40
PID 1412 wrote to memory of 2496	1412	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	40
PID 3044 wrote to memory of 2036	3044	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	41
PID 3044 wrote to memory of 2036	3044	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	41
PID 3044 wrote to memory of 2036	3044	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	41
PID 3044 wrote to memory of 2036	3044	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	41
PID 856 wrote to memory of 1028	856	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	42
PID 856 wrote to memory of 1028	856	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	42
PID 856 wrote to memory of 1028	856	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	42
PID 856 wrote to memory of 1028	856	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	42
PID 2972 wrote to memory of 300	2972	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	43
PID 2972 wrote to memory of 300	2972	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	43
PID 2972 wrote to memory of 300	2972	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	43
PID 2972 wrote to memory of 300	2972	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	43
PID 2976 wrote to memory of 2904	2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	44
PID 2976 wrote to memory of 2904	2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	44
PID 2976 wrote to memory of 2904	2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	44
PID 2976 wrote to memory of 2904	2976	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	44
PID 2336 wrote to memory of 2452	2336	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	46
PID 2336 wrote to memory of 2452	2336	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	46
PID 2336 wrote to memory of 2452	2336	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	46
PID 2336 wrote to memory of 2452	2336	1e51fc2cc100ddb51b869c6ff81db7d0N.exe	46

C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
"C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        10⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        11⤵
        
        PID:21900
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        10⤵
        
        PID:19860
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        10⤵
        
        PID:21812
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        10⤵
        
        PID:21916
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:16816
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:16920
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:21868
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21204
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        10⤵
        
        PID:21728
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:19988
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:21364
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:22604
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:21016
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:18096
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:20212
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21968
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20520
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        10⤵
        
        PID:21024
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:21316
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:21960
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:17284
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:20324
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:17404
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21780
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21712
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20512
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:21180
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:20864
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21820
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17260
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:20624
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17420
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20356
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20696
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20776
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        10⤵
        
        PID:22564
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:20904
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:21356
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:20720
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21388
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:20404
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:22596
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:21548
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:19676
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17412
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:19892
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17380
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20096
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20584
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20104
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21756
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21664
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21236
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:19908
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20276
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:16488
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21100
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20664
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:19868
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21428
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:16992
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:17468
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21172
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20784
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        10⤵
        
        PID:21568
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:20656
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:21032
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:19844
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:21276
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:20496
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:19652
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:22652
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:22480
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:22160
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17348
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21340
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20504
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20528
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21992
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20832
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:20848
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:16512
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21000
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17556
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20396
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:17460
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21828
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20800
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21008
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:18712
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20728
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:17516
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21704
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20792
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:16928
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:20712
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21212
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:22488
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21460
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:16824
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:22184
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20768
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:17372
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21640
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20912
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:22628
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20880
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:22432
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21396
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:10200
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21932
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:16896
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:16984
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21984
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20036
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:22336
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:22000
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:21484
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:17324
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1412
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        10⤵
        
        PID:21444
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:20856
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:22056
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:22572
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:20760
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:17436
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:20688
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:14628
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:22008
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:19972
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21852
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17252
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21420
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17684
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:19932
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20568
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:17696
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:17572
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:20184
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:22520
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:19876
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:17364
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17648
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21632
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:16888
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:22440
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20292
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:16528
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:22032
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20260
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:22580
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:22064
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:19884
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:16536
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:16912
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20744
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:16840
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:19916
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:13100
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:22416
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21412
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:14476
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:22620
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21244
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:17548
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20252
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21116
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:21196
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21648
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20840
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20268
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:17428
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:300
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:22040
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17476
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21092
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20824
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:19940
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20236
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21656
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:19724
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20348
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21908
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:16496
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20204
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20560
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:19964
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:22512
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:8892
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:21884
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:16832
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21688
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:19460
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:17500
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:13060
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:22100
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20364
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:14744
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:16960
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:21836
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:19980
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20992
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:18660
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:11124
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20600
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:21300
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20672
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20932
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:20816
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:15704
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:10256
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:20976
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:20176
- C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3044
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:580
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:20308
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:22588
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:21736
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:17396
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:17452
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:20960
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20052
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:22496
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:20284
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17532
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21892
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20244
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21476
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:19852
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        9⤵
        
        PID:21220
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21324
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:20300
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17204
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:20552
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:19708
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20476
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21860
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20120
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:20968
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20044
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:19924
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:16544
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20576
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:22448
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21792
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20872
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20080
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:20736
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:16848
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:21156
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20460
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:22092
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:17540
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:22660
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21948
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:17316
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20452
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21284
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:19684
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:22644
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:15384
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21148
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:22504
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21940
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:19204
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:14556
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:22048
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20380
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21188
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:21252
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:19948
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:17268
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:20004
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17492
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21436
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20640
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21844
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20648
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:22176
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20372
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:17672
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20444
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:13028
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:22424
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21124
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:14780
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20704
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20196
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:19716
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21976
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20420
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:22464
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:22192
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:21140
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:17388
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:916
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21132
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:18492
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20632
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:17000
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:16560
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:17564
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:11140
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:21332
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:21308
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21468
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:17244
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:14516
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:11132
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:22016
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:20952
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:17664
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20592
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:21268
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:22352
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:20920
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:9516
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:22024
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:17836
- C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:856
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        8⤵
        
        PID:20340
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:16552
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:17484
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20752
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:19996
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:14788
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21108
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20112
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21164
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20808
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:22668
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20680
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20544
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:22344
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:22168
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:16976
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20984
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20412
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:12260
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21672
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:21404
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:21076
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:19836
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:20616
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20088
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:1164
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:17020
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:14468
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:22636
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:15728
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20332
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:16880
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21876
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:17620
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20220
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:10784
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:19660
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:21084
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20388
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:21696
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:20436
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:6376
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:12824
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:22084
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:9524
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:19900
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:20428
- C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        7⤵
        
        PID:21040
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:16520
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20888
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:22456
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:21348
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20316
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:22612
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:16904
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:10192
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:21228
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:16872
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:21680
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:17332
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20468
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:14796
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:19956
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:22320
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:22072
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:16864
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:10232
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:21452
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:20488
- C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
  2⤵
  PID:2324
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        6⤵
        
        PID:20536
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:16504
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:19668
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:14348
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:22556
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:20944
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:14596
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:6748
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:20228
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:10264
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:21924
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:21292
- C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
  2⤵
  PID:3092
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:9656
    - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
        5⤵
        
        PID:21720
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:18696
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:7252
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:15368
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:11760
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:20608
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:21260
- C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4428
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:7868
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:12924
  - - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
      4⤵
      PID:21764
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:14712
- C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
  2⤵
  PID:6628
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:16576
- C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
  2⤵
  PID:10216
- - C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
    3⤵
    PID:21804
- C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\1e51fc2cc100ddb51b869c6ff81db7d0N.exe"
  2⤵
  PID:16856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\african fucking fetish voyeur balls .zip.exe

Filesize
1.1MB

MD5
8b14056ecb725b85b0927164de092889

SHA1
017d0f6bce68190c229495d463089c78ba3bc542

SHA256
69d8ebd09cc4c8ab5aa3b9ef5e8385ac00f35691718a127aafd953fb26ae0708

SHA512
8b8ebb25e2641e586fbc8de9326ad3888b6aa3b4d6669974f6c759126f6740ecba62b7643545bb030aa47ae567c28cd8ed46af713eb09bdb58eb0d4de1b3c513

Download Submit
C:\debug.txt

Filesize
183B

MD5
52bf22edb5644133647811db34ecda2f

SHA1
c045a41cdc07a07832ff87c66ab90436d0fb6dd5

SHA256
de86c56f0254fc2fc6d9794e0400d94e3b225edd334fe835ce7e3d4ca200accd

SHA512
689a96023e620964baa1388b911e53285500b35a505d30d7b033f4fa7d33dc4b87565505244825fc1c1655cb2b19ec6823d5b5a81bfcc9ee5599004c846c5bca

Download Submit