2f680496bba32cac630a99a4f6bd5bd922700d0d7ad3812b9ce9d0cebf186b36

Analysis

max time kernel
16s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 07:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e39beb749bab9e7e012fe42b9bb04fc0N.exe
Size

861KB
MD5

e39beb749bab9e7e012fe42b9bb04fc0
SHA1

504d49d3fa828da4a44be7681c22095819a2efc5
SHA256

2f680496bba32cac630a99a4f6bd5bd922700d0d7ad3812b9ce9d0cebf186b36
SHA512

a2d5e47842ce40155b1ec68486693d70c952188984cfaaa0869939db50d6985a6b9f49d89ecaa6887556ca680a3523175b930ab376c9738702d83d143431d472
SSDEEP

24576:lHxyu7vbLaLSxJ4VjgYBLkUZRO7MvkRce:RMGvaLgJ4ixlqkF

Score

7^/10

discovery persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2112-0-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/files/0x0007000000016d4a-5.dat	upx
behavioral1/memory/2640-49-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2640-85-0x0000000004D10000-0x0000000004D66000-memory.dmp	upx
behavioral1/memory/2164-89-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2112-88-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2088-86-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2640-95-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1488-98-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2088-100-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2424-103-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2164-102-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1952-106-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1488-105-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2828-110-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2572-112-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2424-111-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1196-108-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2796-107-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2424-116-0x0000000004E10000-0x0000000004E66000-memory.dmp	upx
behavioral1/memory/1284-115-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1952-117-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2640-114-0x0000000004D20000-0x0000000004D76000-memory.dmp	upx
behavioral1/memory/2004-118-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1220-123-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/564-124-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2828-122-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2132-121-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1488-120-0x0000000004E60000-0x0000000004EB6000-memory.dmp	upx
behavioral1/memory/2572-125-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/3004-127-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2004-129-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1744-128-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/564-135-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1504-131-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1292-130-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/3000-126-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2132-133-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1700-137-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1792-136-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1784-134-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1856-138-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1744-140-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1504-143-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1292-142-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/980-141-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2212-146-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2344-145-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1784-144-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1700-148-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1868-150-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2460-151-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/980-153-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/796-152-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1704-163-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1608-164-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2460-165-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/660-162-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2852-161-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2644-158-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2724-160-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/660-175-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2524-176-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2212-157-0x0000000000400000-0x0000000000456000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	e39beb749bab9e7e012fe42b9bb04fc0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\B:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\E:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\G:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\H:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\I:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\L:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\N:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\R:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\S:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\V:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\X:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\A:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\J:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\K:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\T:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\U:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\W:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\Y:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\Q:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\M:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\P:	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File opened (read-only)	\??\Z:	e39beb749bab9e7e012fe42b9bb04fc0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\swedish cum lesbian masturbation .mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\cumshot blowjob several models feet gorgeoushorny .mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\SysWOW64\IME\shared\fucking masturbation wifey .avi.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\italian kicking blowjob [bangbus] feet stockings .mpg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\german trambling several models cock shoes (Melissa).mpg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\SysWOW64\IME\shared\indian cum bukkake hot (!) glans .mpg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish horse gay hot (!) (Tatjana).mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\american porn lingerie [bangbus] pregnant (Kathrin,Curtney).rar.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\System32\DriverStore\Temp\brasilian porn lingerie licking .avi.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\sperm full movie YEâPSè& (Gina,Samantha).zip.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\Templates\danish cumshot lesbian big swallow .rar.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\beast hot (!) .mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\danish horse bukkake big cock .rar.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\italian porn lingerie uncut hotel .mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Program Files (x86)\Google\Temp\brasilian porn beast several models lady .mpg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\russian cum lingerie big shoes .mpg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Program Files\DVD Maker\Shared\american handjob sperm [bangbus] feet hairy .zip.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\american handjob bukkake voyeur glans boots (Sylvia).mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\italian animal trambling big mature .zip.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\japanese kicking beast sleeping mistress .mpg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\russian fetish gay voyeur mistress .avi.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\tyrkish fetish xxx lesbian black hairunshaved .rar.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\black horse lingerie girls girly .avi.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\gay girls mistress .zip.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american fetish horse [free] glans lady (Karin).mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\african xxx lesbian .avi.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\canadian hardcore masturbation feet (Christine,Sylvia).mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\porn lesbian full movie .zip.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\canadian xxx masturbation 40+ .mpg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\black cumshot horse lesbian leather (Ashley,Tatjana).zip.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\black beastiality sperm licking feet circumcision .rar.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\security\templates\italian gang bang bukkake girls titts .rar.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\blowjob girls titts stockings .mpg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\fucking sleeping .mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\american cumshot xxx public hole latex (Sylvia).mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\xxx [milf] feet high heels (Liz).avi.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\black fetish trambling uncut cock high heels (Jade).rar.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\japanese handjob gay full movie circumcision (Kathrin,Karin).zip.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\black nude trambling [bangbus] balls .mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\fetish beast sleeping (Curtney).mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\cumshot lesbian licking ejaculation .mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\kicking bukkake catfight ejaculation .rar.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\russian cum blowjob full movie cock .avi.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\spanish lingerie [milf] bondage .mpg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\horse gay hot (!) glans .avi.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish horse blowjob [bangbus] hole bedroom (Samantha).rar.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\horse catfight hole bondage (Jade).avi.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\african lingerie sleeping hairy (Jenna,Karin).avi.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\cum gay hot (!) hole YEâPSè& (Liz).mpg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\malaysia beast licking girly .mpg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\trambling girls glans ejaculation .mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\beast uncut shoes .mpg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\swedish kicking sperm [milf] pregnant (Sonja,Karin).mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\swedish gang bang horse catfight .zip.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\american fetish blowjob [bangbus] glans swallow (Liz).rar.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\italian beastiality beast several models castration .zip.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\danish cumshot sperm lesbian titts .rar.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\danish handjob lesbian licking mistress .avi.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\danish handjob fucking uncut titts 40+ (Samantha).zip.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\mssrv.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\swedish nude sperm [milf] hairy .avi.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\tyrkish kicking fucking voyeur ejaculation .rar.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\tyrkish beastiality bukkake [milf] hotel .zip.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american action sperm sleeping .avi.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\Downloaded Program Files\american kicking blowjob uncut .rar.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\PLA\Templates\gay voyeur feet lady .rar.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\russian horse gay [bangbus] cock redhair .mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\spanish lingerie licking .mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\russian handjob horse hidden feet .mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\tyrkish action gay sleeping .avi.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\norwegian lesbian [free] .rar.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\japanese beastiality bukkake [milf] titts boots .zip.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\hardcore hidden hole .mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\horse beast [milf] (Melissa).mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\spanish gay several models .mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\tyrkish kicking hardcore masturbation fishy .avi.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\black porn sperm [milf] swallow .mpg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\InstallTemp\swedish fetish gay [bangbus] latex .rar.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\russian nude horse uncut latex .zip.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\african trambling lesbian glans .avi.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\african xxx catfight feet fishy .zip.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\nude bukkake voyeur mature .zip.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\assembly\temp\hardcore uncut glans .mpg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\SoftwareDistribution\Download\black cumshot lesbian sleeping redhair .mpg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\fucking girls hole bedroom (Sarah).mpg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\american cumshot bukkake voyeur swallow (Britney,Liz).mpg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\african bukkake uncut cock 40+ (Liz).rar.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\brasilian horse trambling several models (Tatjana).mpeg.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\french sperm lesbian YEâPSè& .zip.exe	e39beb749bab9e7e012fe42b9bb04fc0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 53 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e39beb749bab9e7e012fe42b9bb04fc0N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2640	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2088	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2164	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2640	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1488	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2796	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2088	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1196	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2164	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2424	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2640	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1284	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1488	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1952	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2088	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1220	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1196	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2828	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2796	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2572	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2164	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe
3000	e39beb749bab9e7e012fe42b9bb04fc0N.exe
3004	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2640	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2424	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2004	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2132	e39beb749bab9e7e012fe42b9bb04fc0N.exe
564	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1284	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1488	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1792	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1856	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1744	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2088	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1504	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1220	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1196	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2344	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2344	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1292	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1292	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2828	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2828	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1868	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1868	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1952	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1952	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1784	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1784	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2796	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2796	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2164	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2164	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1700	e39beb749bab9e7e012fe42b9bb04fc0N.exe
1700	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2572	e39beb749bab9e7e012fe42b9bb04fc0N.exe
2572	e39beb749bab9e7e012fe42b9bb04fc0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2640	2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe	30
PID 2112 wrote to memory of 2640	2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe	30
PID 2112 wrote to memory of 2640	2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe	30
PID 2112 wrote to memory of 2640	2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe	30
PID 2640 wrote to memory of 2088	2640	e39beb749bab9e7e012fe42b9bb04fc0N.exe	31
PID 2640 wrote to memory of 2088	2640	e39beb749bab9e7e012fe42b9bb04fc0N.exe	31
PID 2640 wrote to memory of 2088	2640	e39beb749bab9e7e012fe42b9bb04fc0N.exe	31
PID 2640 wrote to memory of 2088	2640	e39beb749bab9e7e012fe42b9bb04fc0N.exe	31
PID 2112 wrote to memory of 2164	2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe	32
PID 2112 wrote to memory of 2164	2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe	32
PID 2112 wrote to memory of 2164	2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe	32
PID 2112 wrote to memory of 2164	2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe	32
PID 2088 wrote to memory of 1488	2088	e39beb749bab9e7e012fe42b9bb04fc0N.exe	33
PID 2088 wrote to memory of 1488	2088	e39beb749bab9e7e012fe42b9bb04fc0N.exe	33
PID 2088 wrote to memory of 1488	2088	e39beb749bab9e7e012fe42b9bb04fc0N.exe	33
PID 2088 wrote to memory of 1488	2088	e39beb749bab9e7e012fe42b9bb04fc0N.exe	33
PID 2164 wrote to memory of 2796	2164	e39beb749bab9e7e012fe42b9bb04fc0N.exe	34
PID 2164 wrote to memory of 2796	2164	e39beb749bab9e7e012fe42b9bb04fc0N.exe	34
PID 2164 wrote to memory of 2796	2164	e39beb749bab9e7e012fe42b9bb04fc0N.exe	34
PID 2164 wrote to memory of 2796	2164	e39beb749bab9e7e012fe42b9bb04fc0N.exe	34
PID 2112 wrote to memory of 1196	2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe	35
PID 2112 wrote to memory of 1196	2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe	35
PID 2112 wrote to memory of 1196	2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe	35
PID 2112 wrote to memory of 1196	2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe	35
PID 2640 wrote to memory of 2424	2640	e39beb749bab9e7e012fe42b9bb04fc0N.exe	36
PID 2640 wrote to memory of 2424	2640	e39beb749bab9e7e012fe42b9bb04fc0N.exe	36
PID 2640 wrote to memory of 2424	2640	e39beb749bab9e7e012fe42b9bb04fc0N.exe	36
PID 2640 wrote to memory of 2424	2640	e39beb749bab9e7e012fe42b9bb04fc0N.exe	36
PID 1488 wrote to memory of 1284	1488	e39beb749bab9e7e012fe42b9bb04fc0N.exe	37
PID 1488 wrote to memory of 1284	1488	e39beb749bab9e7e012fe42b9bb04fc0N.exe	37
PID 1488 wrote to memory of 1284	1488	e39beb749bab9e7e012fe42b9bb04fc0N.exe	37
PID 1488 wrote to memory of 1284	1488	e39beb749bab9e7e012fe42b9bb04fc0N.exe	37
PID 2088 wrote to memory of 1952	2088	e39beb749bab9e7e012fe42b9bb04fc0N.exe	38
PID 2088 wrote to memory of 1952	2088	e39beb749bab9e7e012fe42b9bb04fc0N.exe	38
PID 2088 wrote to memory of 1952	2088	e39beb749bab9e7e012fe42b9bb04fc0N.exe	38
PID 2088 wrote to memory of 1952	2088	e39beb749bab9e7e012fe42b9bb04fc0N.exe	38
PID 2796 wrote to memory of 1220	2796	e39beb749bab9e7e012fe42b9bb04fc0N.exe	39
PID 2796 wrote to memory of 1220	2796	e39beb749bab9e7e012fe42b9bb04fc0N.exe	39
PID 2796 wrote to memory of 1220	2796	e39beb749bab9e7e012fe42b9bb04fc0N.exe	39
PID 2796 wrote to memory of 1220	2796	e39beb749bab9e7e012fe42b9bb04fc0N.exe	39
PID 2164 wrote to memory of 2828	2164	e39beb749bab9e7e012fe42b9bb04fc0N.exe	40
PID 2164 wrote to memory of 2828	2164	e39beb749bab9e7e012fe42b9bb04fc0N.exe	40
PID 2164 wrote to memory of 2828	2164	e39beb749bab9e7e012fe42b9bb04fc0N.exe	40
PID 2164 wrote to memory of 2828	2164	e39beb749bab9e7e012fe42b9bb04fc0N.exe	40
PID 1196 wrote to memory of 3000	1196	e39beb749bab9e7e012fe42b9bb04fc0N.exe	41
PID 1196 wrote to memory of 3000	1196	e39beb749bab9e7e012fe42b9bb04fc0N.exe	41
PID 1196 wrote to memory of 3000	1196	e39beb749bab9e7e012fe42b9bb04fc0N.exe	41
PID 1196 wrote to memory of 3000	1196	e39beb749bab9e7e012fe42b9bb04fc0N.exe	41
PID 2112 wrote to memory of 2572	2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe	42
PID 2112 wrote to memory of 2572	2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe	42
PID 2112 wrote to memory of 2572	2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe	42
PID 2112 wrote to memory of 2572	2112	e39beb749bab9e7e012fe42b9bb04fc0N.exe	42
PID 2640 wrote to memory of 3004	2640	e39beb749bab9e7e012fe42b9bb04fc0N.exe	43
PID 2640 wrote to memory of 3004	2640	e39beb749bab9e7e012fe42b9bb04fc0N.exe	43
PID 2640 wrote to memory of 3004	2640	e39beb749bab9e7e012fe42b9bb04fc0N.exe	43
PID 2640 wrote to memory of 3004	2640	e39beb749bab9e7e012fe42b9bb04fc0N.exe	43
PID 2424 wrote to memory of 2004	2424	e39beb749bab9e7e012fe42b9bb04fc0N.exe	44
PID 2424 wrote to memory of 2004	2424	e39beb749bab9e7e012fe42b9bb04fc0N.exe	44
PID 2424 wrote to memory of 2004	2424	e39beb749bab9e7e012fe42b9bb04fc0N.exe	44
PID 2424 wrote to memory of 2004	2424	e39beb749bab9e7e012fe42b9bb04fc0N.exe	44
PID 1284 wrote to memory of 2132	1284	e39beb749bab9e7e012fe42b9bb04fc0N.exe	45
PID 1284 wrote to memory of 2132	1284	e39beb749bab9e7e012fe42b9bb04fc0N.exe	45
PID 1284 wrote to memory of 2132	1284	e39beb749bab9e7e012fe42b9bb04fc0N.exe	45
PID 1284 wrote to memory of 2132	1284	e39beb749bab9e7e012fe42b9bb04fc0N.exe	45

C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
"C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
  "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2640
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        9⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        10⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        10⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        9⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        10⤵
        
        PID:19064
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        9⤵
        
        PID:17904
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        9⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        9⤵
        
        PID:18468
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        9⤵
        
        PID:17588
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        9⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:18452
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:17880
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:11696
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        9⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        9⤵
        
        PID:22536
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        9⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:18660
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:18388
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        9⤵
        
        PID:18356
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:23320
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18380
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18920
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:11704
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        9⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        9⤵
        
        PID:19056
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        9⤵
        
        PID:19136
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:18648
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:18928
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:17808
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18756
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18700
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:12652
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:19096
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:18484
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:17872
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:8468
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:13536
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:12740
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:19112
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:18340
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:19104
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        9⤵
        
        PID:18436
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        9⤵
        
        PID:17832
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:19048
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:18896
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:14192
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18820
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:18836
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:156
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:14244
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:22216
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:12356
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:18116
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:13544
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18904
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:19016
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:18396
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:18156
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:660
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18404
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:10792
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:22380
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:14220
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:8996
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:13232
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:18100
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:13212
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:18140
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:13968
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:17620
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18912
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:17888
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18852
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:18108
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:19888
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:980
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:13084
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18880
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:19032
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:19072
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:13284
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:13788
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:10104
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:15932
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:18476
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:11048
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:18076
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:11532
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:8508
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:18200
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:18208
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:11032
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:22880
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:796
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:15884
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:13092
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:18748
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:17400
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:10836
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:17864
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:14228
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:9628
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:14252
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:9308
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:13276
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:7820
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:13124
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:17612
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:10844
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:17856
- C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
  "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2164
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        9⤵
        
        PID:19088
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:23460
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18788
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:22544
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18148
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18808
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        8⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18968
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:14292
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:19120
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:6484
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:18960
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:15940
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:23468
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:17792
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18940
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:22252
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:13252
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:14016
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:11040
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:10760
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:18780
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:20232
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:8500
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:13552
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18348
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:17896
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:13604
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:17604
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:22224
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:12372
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:12300
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:13924
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:22888
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:13868
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:18192
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:10672
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:22904
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:18844
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:13076
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:15916
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:18976
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:8628
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:19880
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:18460
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:14000
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:10004
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:13940
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:23200
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:18364
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:12572
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:18984
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:11336
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:9644
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:19008
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:18428
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:11240
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:19872
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:10316
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:13592
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:8424
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:13576
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:22848
- C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
  "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1196
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18124
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:19128
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18796
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:18444
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:18412
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:11248
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:18420
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:18888
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:11608
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:13292
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:13976
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:18084
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:11064
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:18164
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18828
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:18772
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:18716
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:11672
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:10652
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:22232
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:19040
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:13560
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:10852
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:17816
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:10936
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:22868
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:7576
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:15892
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:13132
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:11864
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:15908
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:10268
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:14168
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:7552
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:18372
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:12580
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:19000
- C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
  "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2572
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        7⤵
        
        PID:18860
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:17628
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:11104
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:22560
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:23192
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:14236
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:13992
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:4196
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:13164
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:18220
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:11652
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:18872
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:13100
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:13932
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:8080
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:9980
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:15876
- C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
  "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2344
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        6⤵
        
        PID:19080
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:13156
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:19024
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:9484
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:18764
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:18992
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:11420
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:20008
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:12332
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:8456
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:14276
- C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
  "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2124
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
        5⤵
        
        PID:18244
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:11524
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:11500
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:8476
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:13568
- C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
  "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
  2⤵
  PID:3916
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:13744
  - - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
      "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
      4⤵
      PID:22896
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:10088
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:18692
- C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
  "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
  2⤵
  PID:5476
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:10296
- - C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
    3⤵
    PID:13668
- C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
  "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
  2⤵
  PID:8556
- C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe
  "C:\Users\Admin\AppData\Local\Temp\e39beb749bab9e7e012fe42b9bb04fc0N.exe"
  2⤵
  PID:18132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\american handjob bukkake voyeur glans boots (Sylvia).mpeg.exe

Filesize
481KB

MD5
fc7abfa6ce26e9ac1a36e49176efee39

SHA1
ee018f3a41e83dd366f6adcfc95f5ed7fc9dd2ca

SHA256
0ae20113f52bf02ab4949340e0bbc75e6e6a1c7a6583ea690b2a80ca5936e989

SHA512
b1b2328c2e2207fc3d5d6eccc8a3b8803652d40a7abf24f18894888164917dae923551b82fbb257795edf5259e6db6a5ce6ded50839195fe293804db67a9592b

Download Submit
C:\debug.txt

Filesize
183B

MD5
dd0e41368f7a609d554a2ba306ed262c

SHA1
cfdeeb9403740f8a7658865e4656a1eaac5f78e9

SHA256
61a4733de3cc8e6ec05d3c2493edd538cecb9467cc6f282bbb06921ca6bae578

SHA512
d503030060304676ad52464efc599b697652407835ddb3358a0539e7a6a63a723e6d37081dc1fffe481e6cf37499c0d0f4e1d66319cefae8c767f17ab68520cb

Download Submit
memory/564-135-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/564-124-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/660-162-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/660-175-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/776-171-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/776-182-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/796-152-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/980-141-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/980-153-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1196-108-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1196-109-0x0000000004E10000-0x0000000004E66000-memory.dmp

Filesize
344KB

Download
memory/1220-123-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1220-139-0x00000000045A0000-0x00000000045F6000-memory.dmp

Filesize
344KB

Download
memory/1284-115-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1292-172-0x0000000004E20000-0x0000000004E76000-memory.dmp

Filesize
344KB

Download
memory/1292-130-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1292-142-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1340-180-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1384-183-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1384-173-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1488-104-0x0000000004E50000-0x0000000004EA6000-memory.dmp

Filesize
344KB

Download
memory/1488-98-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1488-132-0x0000000004E60000-0x0000000004EB6000-memory.dmp

Filesize
344KB

Download
memory/1488-105-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1488-167-0x0000000004E60000-0x0000000004EB6000-memory.dmp

Filesize
344KB

Download
memory/1488-120-0x0000000004E60000-0x0000000004EB6000-memory.dmp

Filesize
344KB

Download
memory/1488-154-0x0000000004E60000-0x0000000004EB6000-memory.dmp

Filesize
344KB

Download
memory/1488-113-0x0000000004E50000-0x0000000004EA6000-memory.dmp

Filesize
344KB

Download
memory/1504-143-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1504-131-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1504-181-0x0000000004E40000-0x0000000004E96000-memory.dmp

Filesize
344KB

Download
memory/1608-177-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1608-164-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1700-137-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1700-148-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1704-163-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1744-140-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1744-128-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1784-144-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1784-134-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1792-156-0x0000000004E60000-0x0000000004EB6000-memory.dmp

Filesize
344KB

Download
memory/1792-136-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1856-138-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1868-150-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1952-106-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1952-117-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2004-129-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2004-159-0x0000000004E40000-0x0000000004E96000-memory.dmp

Filesize
344KB

Download
memory/2004-147-0x0000000004E40000-0x0000000004E96000-memory.dmp

Filesize
344KB

Download
memory/2004-118-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2088-86-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2088-97-0x0000000004E30000-0x0000000004E86000-memory.dmp

Filesize
344KB

Download
memory/2088-100-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2112-88-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2112-48-0x0000000004700000-0x0000000004756000-memory.dmp

Filesize
344KB

Download
memory/2112-0-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2112-87-0x0000000004700000-0x0000000004756000-memory.dmp

Filesize
344KB

Download
memory/2112-96-0x0000000004700000-0x0000000004756000-memory.dmp

Filesize
344KB

Download
memory/2124-179-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2124-168-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2132-121-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2132-133-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2164-102-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2164-89-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2212-157-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2212-146-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2344-145-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2424-111-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2424-103-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2424-116-0x0000000004E10000-0x0000000004E66000-memory.dmp

Filesize
344KB

Download
memory/2460-165-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2460-151-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2524-176-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2572-112-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2572-125-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2640-85-0x0000000004D10000-0x0000000004D66000-memory.dmp

Filesize
344KB

Download
memory/2640-95-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2640-114-0x0000000004D20000-0x0000000004D76000-memory.dmp

Filesize
344KB

Download
memory/2640-101-0x0000000004D20000-0x0000000004D76000-memory.dmp

Filesize
344KB

Download
memory/2640-99-0x0000000004D10000-0x0000000004D66000-memory.dmp

Filesize
344KB

Download
memory/2640-49-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2644-170-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2644-158-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2724-160-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2724-174-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2796-107-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2812-166-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2828-110-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2828-122-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2852-161-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2920-184-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3000-126-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3004-127-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3056-178-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3060-169-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3060-155-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download