2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372

Analysis

max time kernel
23s
max time network
59s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Size

479KB
MD5

639e7ade8eadb8b45442b22fcf1f7530
SHA1

538f29a49e26a43eab4699b26a778645951f2b30
SHA256

2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372
SHA512

209fce77dfd0fcd7cae41b04f9cfe3f5b2f35ff2e1a1a2383dfa3a0ec96531c19f72369920fc4f897e4788910a89f85112745fd21b214116b95f357ffa085d32
SSDEEP

12288:dXCNi9BXft26aZKhs7+kybnRw5XcEOXK5Q:oWXftzOWeXcDXyQ

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\I:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\L:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\V:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\W:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\X:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\Y:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\E:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\N:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\T:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\A:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\B:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\G:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\K:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\M:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\O:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\P:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\S:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\U:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\Z:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\J:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\Q:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File opened (read-only)	\??\R:	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\shared\indian sperm cumshot girls .zip.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\kicking action hot (!) glans ejaculation (Melissa,Sonja).zip.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\chinese kicking fetish girls .rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\SysWOW64\IME\shared\german bukkake action lesbian .rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\canadian bukkake full movie .avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian cumshot girls nipples wifey .rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\System32\DriverStore\Temp\cumshot beast public redhair (Christine).zip.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\SysWOW64\FxsTmp\canadian blowjob voyeur (Kathrin,Anniston).zip.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\hardcore public wifey .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\SysWOW64\FxsTmp\bukkake gang bang voyeur .avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\microsoft shared\handjob big titts (Samantha,Jade).mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\black cum fetish [bangbus] ash fishy .avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\gang bang uncut legs gorgeoushorny .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\italian lingerie public mature (Anniston).rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Program Files\Windows Journal\Templates\malaysia animal full movie mature (Sarah).mpeg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\german bukkake sperm licking wifey (Tatjana).mpeg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\lingerie sleeping (Sonja).rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\german action girls fishy (Melissa,Karin).mpeg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\kicking girls (Curtney).rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Program Files (x86)\Google\Temp\nude gang bang [bangbus] (Christine).avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Program Files (x86)\Google\Update\Download\asian horse porn licking circumcision .mpeg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black blowjob handjob several models mature .avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\american sperm big ash leather .rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Program Files\DVD Maker\Shared\beast gay [bangbus] upskirt .mpeg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\tyrkish lingerie several models hairy .mpeg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\malaysia horse nude girls traffic .mpeg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\cum hidden .avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\spanish cumshot sperm [milf] ash mature .rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\british cum bukkake public ash .avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\Temp\spanish cum horse uncut vagina .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\beastiality cum catfight nipples upskirt .avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\sperm catfight legs .rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\animal beastiality big (Sonja,Gina).mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\gay lesbian [free] nipples high heels .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\cum horse public glans circumcision (Anniston).zip.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\lingerie action uncut sweet .avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\norwegian xxx hidden sm .zip.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\french hardcore [free] hole .zip.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\canadian horse [bangbus] hole .mpeg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\xxx hot (!) .rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\norwegian porn porn voyeur vagina fishy .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\cumshot girls glans .rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\beast girls ash hairy .zip.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\bukkake girls young .avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\mssrv.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\blowjob lesbian sleeping penetration .mpeg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\black animal gang bang catfight vagina blondie (Samantha).zip.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\cumshot blowjob hot (!) granny .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\trambling cumshot [bangbus] redhair .mpeg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish fucking licking shower .rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\cumshot voyeur (Christine,Gina).rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\french trambling cumshot lesbian leather .avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\action several models glans granny .avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\animal handjob full movie leather (Jenna,Gina).mpeg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\spanish xxx handjob [free] (Sonja,Sylvia).zip.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\horse hardcore [milf] .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\cum trambling big mistress .rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian horse big boobs .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\tyrkish cumshot public bedroom .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\british nude porn hot (!) redhair (Samantha).rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\animal sleeping .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\indian xxx bukkake catfight mistress (Tatjana,Sylvia).mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\canadian fucking hardcore masturbation pregnant .avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\spanish horse voyeur nipples YEâPSè& .mpeg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\fetish full movie mature .avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\blowjob lesbian ash ìï .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\danish beastiality gay licking bedroom .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\brasilian lesbian catfight castration .avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\japanese cumshot full movie mature .avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\black fetish porn voyeur .avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\chinese bukkake several models .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\kicking horse masturbation femdom .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\blowjob uncut boobs redhair (Gina,Sonja).mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\PLA\Templates\russian sperm cumshot uncut nipples .avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\tyrkish nude xxx [milf] ejaculation .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\british trambling uncut traffic .zip.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\brasilian gay sleeping hotel (Britney).rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\handjob big (Sonja).avi.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\brasilian animal several models (Britney,Christine).mpeg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\swedish horse kicking uncut (Liz).zip.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\xxx uncut mature .mpeg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\malaysia cum gang bang full movie .rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\InstallTemp\indian horse lesbian black hairunshaved .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\xxx animal girls beautyfull .zip.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\hardcore hardcore [free] wifey .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\indian fetish public shoes .zip.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\danish hardcore bukkake uncut titts .rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian cum blowjob masturbation .mpg.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\british cum porn voyeur (Janette).rar.exe	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1616	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2916	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
572	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1472	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1664	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2916	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
536	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1616	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
588	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1296	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1472	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2820	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
572	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1812	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2916	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
628	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2960	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2784	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1384	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1664	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
536	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1616	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2148	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
268	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1296	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
376	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
588	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
588	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1472	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1472	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
356	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
356	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2916	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2916	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1156	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1156	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
696	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
696	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1812	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1812	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1080	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
1080	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
628	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
628	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2960	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2960	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
536	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
536	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2784	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2784	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
2784	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
284	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
284	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2796	2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	30
PID 2012 wrote to memory of 2796	2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	30
PID 2012 wrote to memory of 2796	2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	30
PID 2012 wrote to memory of 2796	2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	30
PID 2796 wrote to memory of 1616	2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	31
PID 2796 wrote to memory of 1616	2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	31
PID 2796 wrote to memory of 1616	2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	31
PID 2796 wrote to memory of 1616	2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	31
PID 2012 wrote to memory of 2916	2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	32
PID 2012 wrote to memory of 2916	2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	32
PID 2012 wrote to memory of 2916	2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	32
PID 2012 wrote to memory of 2916	2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	32
PID 1616 wrote to memory of 572	1616	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	33
PID 1616 wrote to memory of 572	1616	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	33
PID 1616 wrote to memory of 572	1616	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	33
PID 1616 wrote to memory of 572	1616	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	33
PID 2916 wrote to memory of 1472	2916	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	34
PID 2916 wrote to memory of 1472	2916	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	34
PID 2916 wrote to memory of 1472	2916	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	34
PID 2916 wrote to memory of 1472	2916	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	34
PID 2796 wrote to memory of 1664	2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	35
PID 2796 wrote to memory of 1664	2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	35
PID 2796 wrote to memory of 1664	2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	35
PID 2796 wrote to memory of 1664	2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	35
PID 2012 wrote to memory of 536	2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	36
PID 2012 wrote to memory of 536	2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	36
PID 2012 wrote to memory of 536	2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	36
PID 2012 wrote to memory of 536	2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	36
PID 572 wrote to memory of 588	572	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	37
PID 572 wrote to memory of 588	572	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	37
PID 572 wrote to memory of 588	572	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	37
PID 572 wrote to memory of 588	572	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	37
PID 1472 wrote to memory of 1296	1472	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	38
PID 1472 wrote to memory of 1296	1472	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	38
PID 1472 wrote to memory of 1296	1472	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	38
PID 1472 wrote to memory of 1296	1472	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	38
PID 1664 wrote to memory of 2820	1664	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	39
PID 1664 wrote to memory of 2820	1664	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	39
PID 1664 wrote to memory of 2820	1664	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	39
PID 1664 wrote to memory of 2820	1664	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	39
PID 2916 wrote to memory of 1812	2916	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	40
PID 2916 wrote to memory of 1812	2916	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	40
PID 2916 wrote to memory of 1812	2916	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	40
PID 2916 wrote to memory of 1812	2916	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	40
PID 2796 wrote to memory of 2784	2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	41
PID 2796 wrote to memory of 2784	2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	41
PID 2796 wrote to memory of 2784	2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	41
PID 2796 wrote to memory of 2784	2796	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	41
PID 536 wrote to memory of 628	536	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	42
PID 536 wrote to memory of 628	536	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	42
PID 536 wrote to memory of 628	536	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	42
PID 536 wrote to memory of 628	536	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	42
PID 1616 wrote to memory of 1384	1616	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	43
PID 1616 wrote to memory of 1384	1616	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	43
PID 1616 wrote to memory of 1384	1616	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	43
PID 1616 wrote to memory of 1384	1616	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	43
PID 2012 wrote to memory of 2960	2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	44
PID 2012 wrote to memory of 2960	2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	44
PID 2012 wrote to memory of 2960	2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	44
PID 2012 wrote to memory of 2960	2012	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	44
PID 588 wrote to memory of 2148	588	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	46
PID 588 wrote to memory of 2148	588	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	46
PID 588 wrote to memory of 2148	588	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	46
PID 588 wrote to memory of 2148	588	2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe	46

C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
"C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
  "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:572
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        9⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        10⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        9⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        9⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        9⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        9⤵
        
        PID:20936
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        9⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:21076
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        9⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        9⤵
        
        PID:21060
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:20904
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:17264
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:23848
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:22732
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:20856
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:22880
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:22976
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:22688
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:20888
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:17124
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:22864
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:23000
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:17692
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:12148
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:21068
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:17236
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:21404
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:13308
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:22632
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:20952
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:18820
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:20080
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:19548
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:11896
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:23812
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:23780
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:21044
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:16804
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:23796
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:17676
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:22740
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:9672
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:19120
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:17272
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:20056
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:11068
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:20532
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:22968
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:20824
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:22532
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:22256
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:17668
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:12172
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:20608
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:20672
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:284
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:19032
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:19024
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:17288
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:20684
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:22624
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:11028
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:9236
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:16860
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:22672
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:11016
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:11888
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:20616
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:21036
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:11060
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:22696
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:23516
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:11108
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:12132
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:11116
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:17104
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:11840
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:22888
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:12212
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:23408
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:22856
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:11100
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:20912
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:22648
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:8816
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:16444
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:13260
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:8964
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:19136
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:7972
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:22904
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:7636
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:10564
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:22992
- C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
  "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2916
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        9⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        9⤵
        
        PID:21520
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:19184
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:19176
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:20500
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:17660
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:20960
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:22680
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:22896
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:20064
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:22656
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:20848
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:20072
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:376
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        8⤵
        
        PID:22664
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:17280
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:22616
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:23672
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:20832
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:20592
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:11864
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:22872
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:9128
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:20692
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:17112
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:17640
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:23192
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:17632
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:17164
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:8116
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:11848
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:22960
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:356
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:23024
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:17136
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:12124
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:22712
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:11832
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:22848
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:10504
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:20788
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8760
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:20724
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:8712
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:19112
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:20872
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:23016
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:10448
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:20864
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:20920
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:22952
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:20896
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:23416
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:12156
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:20716
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:7676
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:10524
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:21092
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:20708
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:10920
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:10496
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:20816
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:13704
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:8500
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:20944
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:10168
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:13292
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:21084
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:10480
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:5524
- C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
  "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:536
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:628
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:12064
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        7⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:16812
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:23788
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:21008
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:11008
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:16404
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:11792
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:22912
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:9664
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:19144
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:12164
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:20576
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:7688
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:22984
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:22640
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:23008
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:20880
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:21512
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:20584
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:11076
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:20976
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:8740
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:16824
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:23804
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:13252
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:9120
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:20808
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:5216
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:9760
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:20732
- C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
  "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2960
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:308
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:20488
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        6⤵
        
        PID:21052
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:9068
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:20968
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:12220
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:22724
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:10572
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:23200
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:9656
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:17296
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:11824
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:21528
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:8808
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:16888
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:23740
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:13696
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:19128
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:11084
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:22704
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:7660
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:10540
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:21100
- C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
  "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
  2⤵
  PID:2188
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
        5⤵
        
        PID:20600
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:12056
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:23184
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:13284
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:21276
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:6552
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:22944
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:11044
- C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
  "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3220
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
      "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
      4⤵
      PID:11092
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:7540
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:17620
- C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
  "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
  2⤵
  PID:5084
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:8876
- - C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
    3⤵
    PID:21000
- C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
  "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
  2⤵
  PID:6560
- C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe
  "C:\Users\Admin\AppData\Local\Temp\2d889f37409495430afce759394da4cb26d080532e36aaaf2eccf712ca624372N.exe"
  2⤵
  PID:11052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\kicking girls (Curtney).rar.exe

Filesize
1.9MB

MD5
3854d73356dacb747a730c23f28b0090

SHA1
14bc2aec9101c68eeb04d9b9d61f3a03f1995ad2

SHA256
06159253ef3d95bb88d0ea2b558a007a5fa44f54820099c589df489e1994fab6

SHA512
1a7be33d2d7b18d9f84b379876cfee836f1f7d2341e0aaf321ce23fe6790a64c362ff58d43c5016915201f80ee9b7bb4aefb7a32829ed2ce4208a9493524ba0c

Download Submit
C:\debug.txt

Filesize
183B

MD5
7734fb5fa9b12c3466cd068a95ec015a

SHA1
f16efe332712aec321b4756ac4f817589e198e0d

SHA256
7089b7dc76b1703a0689d1f7022da382b74d9c8dcff10f5c411cb0841ad7d06d

SHA512
3908820d8496110a5a10c53cec6f8c60786ed301e29ec75e9ae8682cd603f197bbce4a69c85f59f91f865f8fd181a106e96934e1c6bb6f2e2f613a32d0f45977

Download Submit
memory/268-149-0x00000000050A0000-0x00000000050CB000-memory.dmp

Filesize
172KB

Download
memory/268-120-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/268-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/284-113-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/308-115-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/356-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/376-147-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/376-105-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/536-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/536-175-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/572-176-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/588-92-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/588-100-0x00000000045A0000-0x00000000045CB000-memory.dmp

Filesize
172KB

Download
memory/588-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/588-164-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/588-125-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/628-98-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1080-134-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/1080-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1156-171-0x0000000001DE0000-0x0000000001E0B000-memory.dmp

Filesize
172KB

Download
memory/1156-104-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1296-93-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1296-122-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/1296-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1296-101-0x00000000045A0000-0x00000000045CB000-memory.dmp

Filesize
172KB

Download
memory/1384-97-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1384-111-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1472-148-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/1472-126-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1472-182-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1472-90-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1472-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1616-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1616-114-0x0000000001E70000-0x0000000001E9B000-memory.dmp

Filesize
172KB

Download
memory/1664-177-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1664-89-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1692-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1692-181-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1732-121-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1732-138-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/1796-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1812-130-0x00000000050A0000-0x00000000050CB000-memory.dmp

Filesize
172KB

Download
memory/1812-96-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1972-119-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1972-136-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2012-116-0x0000000004F90000-0x0000000004FBB000-memory.dmp

Filesize
172KB

Download
memory/2012-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2012-140-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2148-141-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/2148-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2148-118-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2188-117-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2288-145-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2288-124-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2336-143-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/2336-123-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2460-127-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2628-133-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2764-154-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/2764-129-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2784-95-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2784-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2788-128-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2796-163-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2820-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2820-94-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2856-135-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2896-168-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/2896-132-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2904-131-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2908-173-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2916-88-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2916-174-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2960-157-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/2960-99-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3000-109-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3056-112-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3528-137-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3572-139-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3604-142-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3648-144-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3676-150-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3684-146-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3708-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3724-153-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3740-151-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3756-156-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3800-152-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3828-161-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3848-155-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3860-162-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3884-158-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3916-159-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3932-160-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4040-167-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4104-170-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download