f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65

Analysis

max time kernel
27s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/09/2024, 22:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Size

1.9MB
MD5

64260d17d575ecd7e8ec3602ab9ce110
SHA1

9112efff7e05366bb0ce4bdd24ed4cd715375518
SHA256

f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65
SHA512

e32bd733cf5d46b1cda4ed6cc0a712aae0243ca8b3234b382e0bc67d37c11de6d8fb0b83f8514150ae2352c82fb30dd118a1b99dce44675c307bfe5cf10e233b
SSDEEP

49152:V/VJ66REO7hyLUfef975cnm1dm9glsAGJt48cWFcoWA1bp:pVgOloUc97H7mysH4Wj1d

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\M:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\S:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\X:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\Y:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\J:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\L:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\R:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\T:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\W:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\I:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\P:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\Q:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\Z:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\N:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\O:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\U:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\A:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\B:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\E:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\H:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\K:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File opened (read-only)	\??\V:	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\italian trambling lesbian .rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\blowjob trambling [free] beautyfull .rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\danish cumshot lesbian girls ash sweet .avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\beastiality gang bang catfight mistress .mpg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\System32\DriverStore\Temp\brasilian animal beast girls ash stockings .avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\gang bang kicking full movie shoes .mpg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\SysWOW64\IME\shared\asian fucking porn girls ash .rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\SysWOW64\FxsTmp\american hardcore bukkake uncut titts .mpg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\SysWOW64\IME\shared\french kicking sleeping bondage .mpeg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\trambling full movie (Ashley,Britney).rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\Templates\tyrkish porn voyeur granny .mpg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\danish gang bang horse several models feet shoes .zip.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Program Files (x86)\Google\Update\Download\gay beastiality sleeping glans .avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\indian blowjob voyeur nipples femdom (Jade).mpg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\trambling gay sleeping hole hairy .mpg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\french blowjob public sweet (Jenna,Samantha).avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Program Files\DVD Maker\Shared\african porn horse sleeping shower .mpg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\tyrkish cumshot bukkake sleeping shower .rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\lingerie voyeur (Britney,Janette).rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\fetish [milf] (Sarah).avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\canadian gay voyeur .mpeg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\kicking lingerie voyeur boobs gorgeoushorny (Liz,Gina).mpg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Program Files (x86)\Google\Temp\indian porn lesbian .rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian bukkake catfight penetration (Britney).avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\lesbian sperm voyeur .zip.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\horse gang bang uncut boobs blondie (Jenna).mpg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\brasilian horse lesbian licking lady .mpg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\sperm horse girls .mpeg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\italian lingerie fucking [bangbus] cock .zip.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\french hardcore hardcore [bangbus] fishy .mpg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\blowjob horse voyeur legs sm .avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\indian action fetish hot (!) balls (Sarah,Sarah).zip.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\fetish lingerie sleeping black hairunshaved (Ashley).rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\cum sperm hot (!) 50+ .mpeg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\blowjob cumshot licking feet .avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\japanese cum catfight legs .avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\brasilian cum porn lesbian .zip.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\french horse trambling hidden .zip.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\japanese handjob hidden legs pregnant .rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\beastiality bukkake sleeping gorgeoushorny .rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\hardcore catfight (Tatjana,Sandy).avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\handjob several models vagina .mpeg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\spanish nude hot (!) ash (Jenna).rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\norwegian cumshot beastiality public glans (Sarah).avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\black cum beast voyeur cock wifey .zip.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\spanish action [milf] titts .rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\asian gay fucking hot (!) cock .rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\blowjob gay hot (!) legs (Britney,Ashley).mpg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\british action cum uncut (Britney).zip.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\danish fetish kicking [bangbus] gorgeoushorny .zip.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\danish gay kicking licking hairy (Sonja).mpeg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\gay [bangbus] bondage .rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\PLA\Templates\sperm blowjob public swallow .rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\tyrkish action xxx public traffic .avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\american handjob kicking uncut sm .mpg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\malaysia animal kicking public nipples boots .avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\norwegian handjob trambling licking (Jenna).avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\asian hardcore beastiality sleeping (Christine).avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\blowjob nude lesbian .avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\canadian bukkake blowjob licking .rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\norwegian gay uncut hole .mpg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\gay masturbation titts .rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\chinese cumshot [milf] stockings .rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\xxx sleeping titts wifey (Liz,Samantha).rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\norwegian nude masturbation lady (Curtney,Sonja).zip.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\russian cum fetish masturbation (Sonja).mpg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\asian horse lesbian [free] (Melissa).avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\hardcore trambling [milf] penetration .zip.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\swedish sperm hot (!) hairy (Janette).rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\italian handjob hot (!) vagina .mpeg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\gang bang blowjob lesbian boots .rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\italian kicking public glans ejaculation (Karin).avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\japanese hardcore uncut (Samantha).rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\gang bang trambling several models boobs .avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\mssrv.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\gang bang kicking voyeur .rar.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\beastiality several models .avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\porn big .avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\malaysia action sleeping .zip.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\cum voyeur .zip.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\german horse masturbation circumcision (Karin,Sylvia).avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\russian porn licking .avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\handjob hidden .avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\italian blowjob catfight black hairunshaved .mpg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\cumshot sperm uncut (Kathrin,Sylvia).mpg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\spanish kicking masturbation .mpeg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\african cumshot cumshot hot (!) balls (Britney,Jenna).mpeg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\indian nude blowjob [milf] glans .avi.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\danish lesbian [bangbus] ash balls .mpeg.exe	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2268	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2024	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2304	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2268	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2640	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2660	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2268	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2304	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
1356	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2632	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2024	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
1284	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2084	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2956	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2660	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
320	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2640	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2268	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2304	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
332	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2428	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
3060	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2120	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2024	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
1356	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2632	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
1336	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
1796	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2380	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2084	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2660	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
1956	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2196	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
900	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2268	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2304	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2128	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2640	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
844	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
844	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
332	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
332	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2956	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2956	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
1284	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
1284	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
320	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
320	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
1768	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
1768	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
964	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
964	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2024	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2024	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
1068	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
1068	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2428	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2428	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
2060	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 2268	2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	31
PID 2780 wrote to memory of 2268	2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	31
PID 2780 wrote to memory of 2268	2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	31
PID 2780 wrote to memory of 2268	2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	31
PID 2268 wrote to memory of 2024	2268	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	32
PID 2268 wrote to memory of 2024	2268	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	32
PID 2268 wrote to memory of 2024	2268	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	32
PID 2268 wrote to memory of 2024	2268	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	32
PID 2780 wrote to memory of 2304	2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	33
PID 2780 wrote to memory of 2304	2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	33
PID 2780 wrote to memory of 2304	2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	33
PID 2780 wrote to memory of 2304	2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	33
PID 2024 wrote to memory of 2640	2024	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	34
PID 2024 wrote to memory of 2640	2024	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	34
PID 2024 wrote to memory of 2640	2024	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	34
PID 2024 wrote to memory of 2640	2024	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	34
PID 2304 wrote to memory of 2660	2304	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	35
PID 2304 wrote to memory of 2660	2304	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	35
PID 2304 wrote to memory of 2660	2304	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	35
PID 2304 wrote to memory of 2660	2304	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	35
PID 2268 wrote to memory of 2632	2268	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	36
PID 2268 wrote to memory of 2632	2268	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	36
PID 2268 wrote to memory of 2632	2268	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	36
PID 2268 wrote to memory of 2632	2268	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	36
PID 2780 wrote to memory of 1356	2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	37
PID 2780 wrote to memory of 1356	2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	37
PID 2780 wrote to memory of 1356	2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	37
PID 2780 wrote to memory of 1356	2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	37
PID 2640 wrote to memory of 1284	2640	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	38
PID 2640 wrote to memory of 1284	2640	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	38
PID 2640 wrote to memory of 1284	2640	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	38
PID 2640 wrote to memory of 1284	2640	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	38
PID 2660 wrote to memory of 2084	2660	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	39
PID 2660 wrote to memory of 2084	2660	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	39
PID 2660 wrote to memory of 2084	2660	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	39
PID 2660 wrote to memory of 2084	2660	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	39
PID 2268 wrote to memory of 2956	2268	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	40
PID 2268 wrote to memory of 2956	2268	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	40
PID 2268 wrote to memory of 2956	2268	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	40
PID 2268 wrote to memory of 2956	2268	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	40
PID 2304 wrote to memory of 320	2304	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	41
PID 2304 wrote to memory of 320	2304	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	41
PID 2304 wrote to memory of 320	2304	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	41
PID 2304 wrote to memory of 320	2304	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	41
PID 2024 wrote to memory of 332	2024	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	42
PID 2024 wrote to memory of 332	2024	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	42
PID 2024 wrote to memory of 332	2024	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	42
PID 2024 wrote to memory of 332	2024	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	42
PID 2780 wrote to memory of 2428	2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	43
PID 2780 wrote to memory of 2428	2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	43
PID 2780 wrote to memory of 2428	2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	43
PID 2780 wrote to memory of 2428	2780	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	43
PID 1356 wrote to memory of 2120	1356	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	44
PID 1356 wrote to memory of 2120	1356	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	44
PID 1356 wrote to memory of 2120	1356	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	44
PID 1356 wrote to memory of 2120	1356	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	44
PID 2632 wrote to memory of 3060	2632	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	45
PID 2632 wrote to memory of 3060	2632	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	45
PID 2632 wrote to memory of 3060	2632	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	45
PID 2632 wrote to memory of 3060	2632	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	45
PID 2084 wrote to memory of 1336	2084	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	46
PID 2084 wrote to memory of 1336	2084	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	46
PID 2084 wrote to memory of 1336	2084	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	46
PID 2084 wrote to memory of 1336	2084	f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe	46

C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
"C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        9⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        10⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        9⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        9⤵
        
        PID:19160
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        9⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        9⤵
        
        PID:22604
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        9⤵
        
        PID:22760
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:13872
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        9⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        9⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:18968
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:13488
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:23336
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:22736
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:9828
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:19044
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        9⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        9⤵
        
        PID:23272
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        9⤵
        
        PID:22320
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:23288
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        9⤵
        
        PID:18952
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:17692
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:22792
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:23088
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:22304
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:23144
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:22712
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:22120
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:22784
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:19092
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:22572
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:23104
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14356
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:23176
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13792
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14160
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13752
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:332
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:19264
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:23312
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:22024
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:19312
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14720
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:9804
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:22976
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:23096
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13592
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:22112
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14328
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13712
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14040
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:19168
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:22076
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14168
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:22280
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:20592
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:23416
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13528
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:23408
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:9836
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:19060
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:22296
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:17700
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:22084
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:22328
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:23128
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13688
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:19208
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:23152
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:18944
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:18536
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:22360
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:9444
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:19192
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:19216
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:23208
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:22136
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:23392
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:23280
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:22596
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:19152
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:14672
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:22344
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13848
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:23264
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:23040
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:19132
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:22056
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:14624
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:14104
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:22160
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:23328
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:22188
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:14584
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:18984
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13784
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:23352
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:14576
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:648
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:17664
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:23112
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:20440
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:22984
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:23168
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:13656
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:23432
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14908
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:14136
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:11112
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:22288
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:13856
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:22744
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:22992
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:13648
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:23448
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:9380
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:22240
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:7352
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:19144
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:11284
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:23064
- C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2304
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        9⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        9⤵
        
        PID:22752
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        9⤵
        
        PID:23120
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:22400
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:17716
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:13816
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:23424
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:19200
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:17676
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:22272
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:22488
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:288
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:14900
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:22256
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:19004
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:23200
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13624
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:23184
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:23360
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:23056
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14600
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:23232
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:23400
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:19068
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:22380
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:22216
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:23256
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:11340
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:21476
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:16456
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:22564
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:22808
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:23224
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:9128
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:22152
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:19176
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:19020
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:10444
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:14112
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:22720
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:23000
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:13672
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:10596
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        8⤵
        
        PID:18936
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:21484
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:23376
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13776
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:23384
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:22768
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13416
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:23080
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:22096
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:14616
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:22196
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14000
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:22264
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13808
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13744
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:23248
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:9772
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:20600
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:14592
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:22388
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:11184
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:22728
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:22064
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:14656
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13384
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:23440
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:22248
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:13632
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:23296
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13696
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:23136
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:14640
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:9812
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:9124
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:7796
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:11396
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:23216
- C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1356
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        7⤵
        
        PID:23240
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:19076
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:13432
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:23368
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:22776
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:18992
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:14208
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:22144
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13824
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13392
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:19052
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:19288
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:23048
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13864
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:14864
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:23344
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:10308
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:19224
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:22104
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:19184
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:17684
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:10832
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:8256
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:8260
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:14552
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:14056
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:10628
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:14192
- C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2428
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:964
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        6⤵
        
        PID:19256
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:14568
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:23160
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13896
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:11096
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:22472
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13960
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:23304
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:13448
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:23072
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:10348
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:19028
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:21492
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:13720
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:13368
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:23456
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:9228
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:14176
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:10888
- C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
  2⤵
  PID:1704
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:10588
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:17708
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:22312
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:13840
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:8928
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:11276
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:23192
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:6748
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:14072
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:2680
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:10636
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:8440
- C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2712
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
        5⤵
        
        PID:22336
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:14008
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:9100
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:7284
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:19232
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:13768
- C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
  2⤵
  PID:4620
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:8500
  - - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
      "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
      4⤵
      PID:22128
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:19084
- C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
  2⤵
  PID:6656
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:13496
- - C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
    "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
    3⤵
    PID:23320
- C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
  2⤵
  PID:10244
- C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe
  "C:\Users\Admin\AppData\Local\Temp\f06ffbdef1e9a2dbf895d6537ee7f9570717ed0f6897ba1ce1da42da527b2e65N.exe"
  2⤵
  PID:22588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\danish gang bang horse several models feet shoes .zip.exe

Filesize
1.0MB

MD5
f25d5fd41eae43f471f1c4b9257eb935

SHA1
464f87a23b615ce08b0ea1d1f50fa782159167ea

SHA256
ca01b42658429e1a7f44b3da3642c5604147e0687d7dd8111333964323972ba4

SHA512
86b5cc22fcafa51ce5bcedf6bf7a14937c2e373434e57ebfa10debfe1e62062d6e5a447c4db7d01c48b4321bf5c587bb3ad360fc715578cbf30c4b7ec11aba55

Download Submit
C:\debug.txt

Filesize
183B

MD5
492c22cd5099538d2c18dbec517682db

SHA1
1d9435c3311619d5f663a87008e2c08648fd1727

SHA256
1a4945b546641af848bb4a367d06a3e2d4736c73e4f5d3b8a9e0966fdc6e1471

SHA512
f0fbd9a2b1773a2857aedafef3901ffb62c03014fd9463e83513cf5d0882cb39eae45a27ce205e67e8fe47042c5c4f03e1c80495ef9135efcc31ed8bd72d99cb

Download Submit