30d6f28f9337cdd6320f9417ad1012f1af34e0904f75826bcc8655c295ae63f5

Analysis

max time kernel
19s
max time network
124s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
13-08-2024 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95374287f02fcd0c28cac3f643e66950N.exe
Size

1.6MB
MD5

95374287f02fcd0c28cac3f643e66950
SHA1

9110f7542c89977ff668d1aeb1eedd659ddac915
SHA256

30d6f28f9337cdd6320f9417ad1012f1af34e0904f75826bcc8655c295ae63f5
SHA512

dd41d4b1f06959746e3e7c0daeaf719c740c2c30f32a10ae73f782babb5d8089df57407c76854285ff95ef2b16e5f7810345570624ba2ddc06a0783eaae11960
SSDEEP

24576:oWYICWi4VQFHo73ZQLo2da7oAPMgiB4pxoxoXSIcUnpkOBuCdIOG3GNdPQH5Q:VYKWsuo2E7oYMgi0BSIc7j8NdYHm

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	95374287f02fcd0c28cac3f643e66950N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\N:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\Q:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\T:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\A:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\E:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\H:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\I:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\O:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\S:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\G:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\K:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\M:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\Y:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\B:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\L:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\P:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\R:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\U:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\V:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\W:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\X:	95374287f02fcd0c28cac3f643e66950N.exe
File opened (read-only)	\??\Z:	95374287f02fcd0c28cac3f643e66950N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\swedish kicking bukkake hidden titts .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish cumshot trambling masturbation cock boots .mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob hot (!) (Sylvia).mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\System32\DriverStore\Temp\fucking lesbian titts sm (Liz).avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\SysWOW64\FxsTmp\malaysia blowjob lesbian swallow .avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\SysWOW64\IME\shared\italian cum bukkake full movie .mpeg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\hardcore several models glans wifey .mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian fetish bukkake [free] latex .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\SysWOW64\IME\shared\hardcore masturbation blondie (Britney,Liz).rar.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\fucking big hole (Sonja,Jade).zip.exe	95374287f02fcd0c28cac3f643e66950N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Templates\lesbian hot (!) (Jade).mpeg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\indian porn hardcore [milf] pregnant .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\japanese action fucking masturbation (Curtney).rar.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\black nude fucking sleeping cock .rar.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Program Files\DVD Maker\Shared\swedish beastiality beast catfight balls .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Program Files\Windows Journal\Templates\danish animal fucking licking titts .mpeg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Program Files (x86)\Google\Update\Download\sperm [free] cock upskirt (Jade).mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\xxx girls hole lady .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\gay several models titts .avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\american action hardcore sleeping feet wifey .avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\sperm public ash .rar.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Program Files (x86)\Google\Temp\xxx uncut .avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\fucking full movie feet black hairunshaved .mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\swedish handjob xxx licking titts .mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\swedish nude beast licking .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\horse public penetration .avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\norwegian xxx catfight feet 40+ .avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\beastiality lingerie [free] .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\norwegian trambling catfight .mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\asian fucking masturbation swallow .avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\asian beast full movie traffic .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\norwegian beast hidden .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\italian animal gay uncut ejaculation .mpeg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\african blowjob [milf] glans mistress .mpeg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\fucking girls glans ¼ç .avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\black beastiality horse [free] .avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\british fucking uncut titts (Christine,Liz).avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\beastiality fucking hidden titts shoes (Janette).avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\italian cum xxx big femdom .mpeg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\danish horse trambling girls (Sylvia).mpeg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\brasilian gang bang lesbian hidden .avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\german lingerie hot (!) latex (Britney,Liz).rar.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\lesbian voyeur high heels .mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\InstallTemp\canadian xxx uncut hole balls .mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\lingerie uncut traffic .mpeg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\japanese cumshot lingerie catfight (Curtney).zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\sperm sleeping (Samantha).zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\indian animal blowjob [free] upskirt (Britney,Sarah).mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\japanese cumshot horse hot (!) .mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\assembly\tmp\tyrkish beastiality bukkake [bangbus] cock upskirt .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\norwegian lingerie [free] glans fishy (Liz).avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\horse hardcore catfight feet balls .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\nude xxx lesbian 50+ .mpeg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\xxx hidden lady .avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\hardcore voyeur titts sweet .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\norwegian beast lesbian boots (Sandy,Liz).mpeg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\british lingerie hot (!) gorgeoushorny .avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\lesbian hidden feet bedroom .mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\british bukkake voyeur cock .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\danish handjob sperm masturbation .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\japanese beastiality xxx full movie .rar.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\italian animal blowjob sleeping bondage .mpeg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\danish gang bang beast public girly .mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\chinese sperm full movie .mpeg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\british trambling [bangbus] upskirt .rar.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\hardcore hot (!) (Samantha).zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\italian horse xxx [milf] .avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\mssrv.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\danish cumshot xxx girls cock sweet .mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\black cum sperm uncut .mpeg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\asian fucking uncut mature (Sonja,Sarah).avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\brasilian beastiality bukkake hot (!) cock shower (Jade).mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\black animal lesbian catfight .mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\cumshot sperm catfight upskirt .rar.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\norwegian lesbian licking mature .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\horse xxx [free] upskirt .mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\italian porn hardcore hot (!) penetration .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\PLA\Templates\tyrkish animal blowjob hidden glans castration (Melissa).rar.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian horse bukkake several models balls .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\american kicking horse masturbation fishy (Gina,Tatjana).rar.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\gay sleeping ash .avi.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\SoftwareDistribution\Download\gay masturbation ash .rar.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\norwegian horse full movie beautyfull .mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\african xxx voyeur .mpg.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\japanese handjob hardcore big .rar.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\american action lesbian lesbian glans YEâPSè& .rar.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\assembly\temp\hardcore full movie 40+ (Sonja,Sylvia).rar.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\fucking public glans .zip.exe	95374287f02fcd0c28cac3f643e66950N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\blowjob hidden feet high heels (Samantha).rar.exe	95374287f02fcd0c28cac3f643e66950N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95374287f02fcd0c28cac3f643e66950N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2540	95374287f02fcd0c28cac3f643e66950N.exe
2720	95374287f02fcd0c28cac3f643e66950N.exe
2540	95374287f02fcd0c28cac3f643e66950N.exe
2212	95374287f02fcd0c28cac3f643e66950N.exe
2840	95374287f02fcd0c28cac3f643e66950N.exe
2720	95374287f02fcd0c28cac3f643e66950N.exe
2540	95374287f02fcd0c28cac3f643e66950N.exe
2536	95374287f02fcd0c28cac3f643e66950N.exe
2252	95374287f02fcd0c28cac3f643e66950N.exe
1504	95374287f02fcd0c28cac3f643e66950N.exe
2212	95374287f02fcd0c28cac3f643e66950N.exe
2720	95374287f02fcd0c28cac3f643e66950N.exe
2840	95374287f02fcd0c28cac3f643e66950N.exe
2592	95374287f02fcd0c28cac3f643e66950N.exe
2540	95374287f02fcd0c28cac3f643e66950N.exe
2924	95374287f02fcd0c28cac3f643e66950N.exe
2536	95374287f02fcd0c28cac3f643e66950N.exe
844	95374287f02fcd0c28cac3f643e66950N.exe
3004	95374287f02fcd0c28cac3f643e66950N.exe
956	95374287f02fcd0c28cac3f643e66950N.exe
2052	95374287f02fcd0c28cac3f643e66950N.exe
2252	95374287f02fcd0c28cac3f643e66950N.exe
2720	95374287f02fcd0c28cac3f643e66950N.exe
2212	95374287f02fcd0c28cac3f643e66950N.exe
2972	95374287f02fcd0c28cac3f643e66950N.exe
1504	95374287f02fcd0c28cac3f643e66950N.exe
2840	95374287f02fcd0c28cac3f643e66950N.exe
272	95374287f02fcd0c28cac3f643e66950N.exe
1648	95374287f02fcd0c28cac3f643e66950N.exe
2540	95374287f02fcd0c28cac3f643e66950N.exe
2592	95374287f02fcd0c28cac3f643e66950N.exe
1580	95374287f02fcd0c28cac3f643e66950N.exe
1696	95374287f02fcd0c28cac3f643e66950N.exe
2924	95374287f02fcd0c28cac3f643e66950N.exe
2536	95374287f02fcd0c28cac3f643e66950N.exe
2380	95374287f02fcd0c28cac3f643e66950N.exe
2216	95374287f02fcd0c28cac3f643e66950N.exe
2252	95374287f02fcd0c28cac3f643e66950N.exe
2212	95374287f02fcd0c28cac3f643e66950N.exe
904	95374287f02fcd0c28cac3f643e66950N.exe
2152	95374287f02fcd0c28cac3f643e66950N.exe
908	95374287f02fcd0c28cac3f643e66950N.exe
1964	95374287f02fcd0c28cac3f643e66950N.exe
2720	95374287f02fcd0c28cac3f643e66950N.exe
844	95374287f02fcd0c28cac3f643e66950N.exe
2080	95374287f02fcd0c28cac3f643e66950N.exe
956	95374287f02fcd0c28cac3f643e66950N.exe
2940	95374287f02fcd0c28cac3f643e66950N.exe
3004	95374287f02fcd0c28cac3f643e66950N.exe
3004	95374287f02fcd0c28cac3f643e66950N.exe
2404	95374287f02fcd0c28cac3f643e66950N.exe
2404	95374287f02fcd0c28cac3f643e66950N.exe
648	95374287f02fcd0c28cac3f643e66950N.exe
648	95374287f02fcd0c28cac3f643e66950N.exe
708	95374287f02fcd0c28cac3f643e66950N.exe
708	95374287f02fcd0c28cac3f643e66950N.exe
2840	95374287f02fcd0c28cac3f643e66950N.exe
2840	95374287f02fcd0c28cac3f643e66950N.exe
1504	95374287f02fcd0c28cac3f643e66950N.exe
1504	95374287f02fcd0c28cac3f643e66950N.exe
2540	95374287f02fcd0c28cac3f643e66950N.exe
2540	95374287f02fcd0c28cac3f643e66950N.exe
1536	95374287f02fcd0c28cac3f643e66950N.exe
1536	95374287f02fcd0c28cac3f643e66950N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2720	2540	95374287f02fcd0c28cac3f643e66950N.exe	29
PID 2540 wrote to memory of 2720	2540	95374287f02fcd0c28cac3f643e66950N.exe	29
PID 2540 wrote to memory of 2720	2540	95374287f02fcd0c28cac3f643e66950N.exe	29
PID 2540 wrote to memory of 2720	2540	95374287f02fcd0c28cac3f643e66950N.exe	29
PID 2720 wrote to memory of 2212	2720	95374287f02fcd0c28cac3f643e66950N.exe	30
PID 2720 wrote to memory of 2212	2720	95374287f02fcd0c28cac3f643e66950N.exe	30
PID 2720 wrote to memory of 2212	2720	95374287f02fcd0c28cac3f643e66950N.exe	30
PID 2720 wrote to memory of 2212	2720	95374287f02fcd0c28cac3f643e66950N.exe	30
PID 2540 wrote to memory of 2840	2540	95374287f02fcd0c28cac3f643e66950N.exe	31
PID 2540 wrote to memory of 2840	2540	95374287f02fcd0c28cac3f643e66950N.exe	31
PID 2540 wrote to memory of 2840	2540	95374287f02fcd0c28cac3f643e66950N.exe	31
PID 2540 wrote to memory of 2840	2540	95374287f02fcd0c28cac3f643e66950N.exe	31
PID 2212 wrote to memory of 2536	2212	95374287f02fcd0c28cac3f643e66950N.exe	32
PID 2212 wrote to memory of 2536	2212	95374287f02fcd0c28cac3f643e66950N.exe	32
PID 2212 wrote to memory of 2536	2212	95374287f02fcd0c28cac3f643e66950N.exe	32
PID 2212 wrote to memory of 2536	2212	95374287f02fcd0c28cac3f643e66950N.exe	32
PID 2840 wrote to memory of 1504	2840	95374287f02fcd0c28cac3f643e66950N.exe	33
PID 2840 wrote to memory of 1504	2840	95374287f02fcd0c28cac3f643e66950N.exe	33
PID 2840 wrote to memory of 1504	2840	95374287f02fcd0c28cac3f643e66950N.exe	33
PID 2840 wrote to memory of 1504	2840	95374287f02fcd0c28cac3f643e66950N.exe	33
PID 2720 wrote to memory of 2252	2720	95374287f02fcd0c28cac3f643e66950N.exe	34
PID 2720 wrote to memory of 2252	2720	95374287f02fcd0c28cac3f643e66950N.exe	34
PID 2720 wrote to memory of 2252	2720	95374287f02fcd0c28cac3f643e66950N.exe	34
PID 2720 wrote to memory of 2252	2720	95374287f02fcd0c28cac3f643e66950N.exe	34
PID 2540 wrote to memory of 2592	2540	95374287f02fcd0c28cac3f643e66950N.exe	35
PID 2540 wrote to memory of 2592	2540	95374287f02fcd0c28cac3f643e66950N.exe	35
PID 2540 wrote to memory of 2592	2540	95374287f02fcd0c28cac3f643e66950N.exe	35
PID 2540 wrote to memory of 2592	2540	95374287f02fcd0c28cac3f643e66950N.exe	35
PID 2536 wrote to memory of 2924	2536	95374287f02fcd0c28cac3f643e66950N.exe	36
PID 2536 wrote to memory of 2924	2536	95374287f02fcd0c28cac3f643e66950N.exe	36
PID 2536 wrote to memory of 2924	2536	95374287f02fcd0c28cac3f643e66950N.exe	36
PID 2536 wrote to memory of 2924	2536	95374287f02fcd0c28cac3f643e66950N.exe	36
PID 2252 wrote to memory of 844	2252	95374287f02fcd0c28cac3f643e66950N.exe	37
PID 2252 wrote to memory of 844	2252	95374287f02fcd0c28cac3f643e66950N.exe	37
PID 2252 wrote to memory of 844	2252	95374287f02fcd0c28cac3f643e66950N.exe	37
PID 2252 wrote to memory of 844	2252	95374287f02fcd0c28cac3f643e66950N.exe	37
PID 2212 wrote to memory of 3004	2212	95374287f02fcd0c28cac3f643e66950N.exe	38
PID 2212 wrote to memory of 3004	2212	95374287f02fcd0c28cac3f643e66950N.exe	38
PID 2212 wrote to memory of 3004	2212	95374287f02fcd0c28cac3f643e66950N.exe	38
PID 2212 wrote to memory of 3004	2212	95374287f02fcd0c28cac3f643e66950N.exe	38
PID 2720 wrote to memory of 2052	2720	95374287f02fcd0c28cac3f643e66950N.exe	40
PID 2720 wrote to memory of 2052	2720	95374287f02fcd0c28cac3f643e66950N.exe	40
PID 2720 wrote to memory of 2052	2720	95374287f02fcd0c28cac3f643e66950N.exe	40
PID 2720 wrote to memory of 2052	2720	95374287f02fcd0c28cac3f643e66950N.exe	40
PID 1504 wrote to memory of 956	1504	95374287f02fcd0c28cac3f643e66950N.exe	39
PID 1504 wrote to memory of 956	1504	95374287f02fcd0c28cac3f643e66950N.exe	39
PID 1504 wrote to memory of 956	1504	95374287f02fcd0c28cac3f643e66950N.exe	39
PID 1504 wrote to memory of 956	1504	95374287f02fcd0c28cac3f643e66950N.exe	39
PID 2840 wrote to memory of 2972	2840	95374287f02fcd0c28cac3f643e66950N.exe	41
PID 2840 wrote to memory of 2972	2840	95374287f02fcd0c28cac3f643e66950N.exe	41
PID 2840 wrote to memory of 2972	2840	95374287f02fcd0c28cac3f643e66950N.exe	41
PID 2840 wrote to memory of 2972	2840	95374287f02fcd0c28cac3f643e66950N.exe	41
PID 2540 wrote to memory of 272	2540	95374287f02fcd0c28cac3f643e66950N.exe	42
PID 2540 wrote to memory of 272	2540	95374287f02fcd0c28cac3f643e66950N.exe	42
PID 2540 wrote to memory of 272	2540	95374287f02fcd0c28cac3f643e66950N.exe	42
PID 2540 wrote to memory of 272	2540	95374287f02fcd0c28cac3f643e66950N.exe	42
PID 2592 wrote to memory of 1648	2592	95374287f02fcd0c28cac3f643e66950N.exe	43
PID 2592 wrote to memory of 1648	2592	95374287f02fcd0c28cac3f643e66950N.exe	43
PID 2592 wrote to memory of 1648	2592	95374287f02fcd0c28cac3f643e66950N.exe	43
PID 2592 wrote to memory of 1648	2592	95374287f02fcd0c28cac3f643e66950N.exe	43
PID 2924 wrote to memory of 1580	2924	95374287f02fcd0c28cac3f643e66950N.exe	44
PID 2924 wrote to memory of 1580	2924	95374287f02fcd0c28cac3f643e66950N.exe	44
PID 2924 wrote to memory of 1580	2924	95374287f02fcd0c28cac3f643e66950N.exe	44
PID 2924 wrote to memory of 1580	2924	95374287f02fcd0c28cac3f643e66950N.exe	44

C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
"C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
  "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        9⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        10⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        10⤵
        
        PID:20944
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        9⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        9⤵
        
        PID:18352
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        9⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        9⤵
        
        PID:17180
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:18316
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        9⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:17868
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:17924
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:18284
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        9⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        9⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:18392
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:18424
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:19468
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:20080
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:18260
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:17860
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:11076
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        9⤵
        
        PID:17908
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:17724
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:18408
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:14708
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:17172
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:19688
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:15832
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:22296
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:20876
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:18252
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:21040
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:14248
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:22336
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:20656
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:18308
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:14444
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:9800
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:20844
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:10852
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:18576
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:11436
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:20992
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:18520
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:20632
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:19928
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:15156
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:18344
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:18268
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:22192
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:21000
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:19704
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:21016
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:17688
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:20828
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:18168
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:18220
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:7984
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:14668
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:21156
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:21664
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:18292
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:19736
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:18592
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:20144
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:21672
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:21836
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:18176
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:11060
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:19744
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:18384
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:13876
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:22056
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:19864
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:14480
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:14452
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:20640
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:18972
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:14772
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:19224
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:20868
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:18200
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:20676
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:7688
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:14284
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:13288
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:21056
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:21164
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:19112
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:7204
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:18600
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:21008
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:10868
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:6500
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:19936
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:18192
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:12860
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:14644
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:8488
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:14516
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:20852
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:18236
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:8804
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:18612
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:11020
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:18244
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:10916
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:19920
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:7312
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:13464
- C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
  "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:21604
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:14628
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:21852
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:18332
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:20152
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:18864
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:9244
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:13852
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:20860
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:21656
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:17932
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:20664
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:18400
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:18436
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:8476
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:18276
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:19476
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:18956
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:6392
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:9236
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:13436
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:708
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:13868
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:18544
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:19944
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:10820
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:18368
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:8100
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:12880
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:19752
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:9860
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:1020
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:18300
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:12184
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:21212
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:15536
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:19696
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:9808
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:18184
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:17916
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:20296
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:11012
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:19488
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:15124
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:12256
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:21172
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:9260
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:13272
- C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
  "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2592
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:928
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        7⤵
        
        PID:18444
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:21844
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:19680
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:11036
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:18452
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:15132
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:6220
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:18552
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:648
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:10812
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:18376
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:15580
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:9868
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:18560
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:11492
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:19496
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:13456
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:6128
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:9876
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:18360
- C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
  "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:272
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:7784
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:14256
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:8440
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:16252
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:6456
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:10996
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:19828
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:20648
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:9892
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:18964
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:7768
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:14764
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:11428
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:18584
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:11044
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:18416
- C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
  "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2404
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
        5⤵
        
        PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:7736
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:15148
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:14532
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:11444
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:20836
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:10900
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:6588
- C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
  "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:316
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
      "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
      4⤵
      PID:18500
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:6948
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:11116
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:18568
- C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
  "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
  2⤵
  PID:3992
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:7948
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:15104
- C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
  "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
  2⤵
  PID:6008
- - C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
    "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
    3⤵
    PID:22316
- C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
  "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
  2⤵
  PID:9220
- C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe
  "C:\Users\Admin\AppData\Local\Temp\95374287f02fcd0c28cac3f643e66950N.exe"
  2⤵
  PID:15564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\american action hardcore sleeping feet wifey .avi.exe

Filesize
1.0MB

MD5
90211a39eab7517c6bf5637860056d99

SHA1
b33a59900e509b91ee07717a55ea34f9f97c99a6

SHA256
8a8a97ef16a3cc7c58b6a099eb0194e44edea7206dbd25dcbb6f8d906be0ccc1

SHA512
0aebbdfb30404e15ef3006a6785de8366514e5b843da9f7404963cdbbe63aaaec0c4868d8accb0640d12681f12c37c98d1f0481ebde966c60e11e0cf6dd885ea

Download Submit
C:\debug.txt

Filesize
183B

MD5
60a6a3df7c750297a2564bdf71af6a18

SHA1
c1ee8ec2119b2345a0b890e141058df6fbe12369

SHA256
38fc77766a776db2c6a77bda00a97c0b90c5328eaeb81214eff9bd9131d263a6

SHA512
ec6d36360e81c0ca224ddc18e9a5cbe05e65df8f2b59bc1dcfcce8bf3db2d2f383015c8514899f266f359e1a45bc6b2ee398928d0e97fc3ab9ae7e779ecaace2

Download Submit
memory/272-149-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/648-170-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/648-137-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/708-139-0x00000000045A0000-0x00000000045CB000-memory.dmp

Filesize
172KB

Download
memory/708-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/844-165-0x0000000004FA0000-0x0000000004FCB000-memory.dmp

Filesize
172KB

Download
memory/844-142-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/904-160-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/908-118-0x0000000004CF0000-0x0000000004D1B000-memory.dmp

Filesize
172KB

Download
memory/908-182-0x0000000004CF0000-0x0000000004D1B000-memory.dmp

Filesize
172KB

Download
memory/908-162-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/928-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/928-109-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/956-144-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/956-119-0x0000000004F70000-0x0000000004F9B000-memory.dmp

Filesize
172KB

Download
memory/1504-135-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1504-94-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1536-171-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1580-110-0x0000000000550000-0x000000000057B000-memory.dmp

Filesize
172KB

Download
memory/1580-177-0x0000000000550000-0x000000000057B000-memory.dmp

Filesize
172KB

Download
memory/1580-146-0x00000000050C0000-0x00000000050EB000-memory.dmp

Filesize
172KB

Download
memory/1580-154-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1580-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1604-158-0x00000000045B0000-0x00000000045DB000-memory.dmp

Filesize
172KB

Download
memory/1648-100-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1648-108-0x0000000004FB0000-0x0000000004FDB000-memory.dmp

Filesize
172KB

Download
memory/1648-174-0x0000000004FB0000-0x0000000004FDB000-memory.dmp

Filesize
172KB

Download
memory/1648-129-0x0000000004FB0000-0x0000000004FDB000-memory.dmp

Filesize
172KB

Download
memory/1648-151-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1696-147-0x0000000004F70000-0x0000000004F9B000-memory.dmp

Filesize
172KB

Download
memory/1696-155-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1696-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1696-112-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/1796-173-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1848-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1848-150-0x00000000044C0000-0x00000000044EB000-memory.dmp

Filesize
172KB

Download
memory/1964-120-0x00000000045D0000-0x00000000045FB000-memory.dmp

Filesize
172KB

Download
memory/1964-163-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2052-107-0x0000000004FB0000-0x0000000004FDB000-memory.dmp

Filesize
172KB

Download
memory/2052-99-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2052-127-0x0000000004FB0000-0x0000000004FDB000-memory.dmp

Filesize
172KB

Download
memory/2052-145-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2080-122-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/2080-164-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2116-113-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2152-161-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2152-179-0x0000000004BB0000-0x0000000004BDB000-memory.dmp

Filesize
172KB

Download
memory/2212-132-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/2212-117-0x0000000004E40000-0x0000000004E6B000-memory.dmp

Filesize
172KB

Download
memory/2212-82-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2212-130-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2212-91-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/2216-159-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2216-115-0x0000000004690000-0x00000000046BB000-memory.dmp

Filesize
172KB

Download
memory/2252-96-0x0000000004500000-0x000000000452B000-memory.dmp

Filesize
172KB

Download
memory/2252-136-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2252-116-0x0000000004500000-0x000000000452B000-memory.dmp

Filesize
172KB

Download
memory/2380-157-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2404-168-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2536-114-0x00000000050C0000-0x00000000050EB000-memory.dmp

Filesize
172KB

Download
memory/2536-95-0x0000000004E40000-0x0000000004E6B000-memory.dmp

Filesize
172KB

Download
memory/2536-140-0x0000000004E40000-0x0000000004E6B000-memory.dmp

Filesize
172KB

Download
memory/2536-92-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2536-133-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2536-156-0x00000000050C0000-0x00000000050EB000-memory.dmp

Filesize
172KB

Download
memory/2540-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2540-105-0x0000000004C90000-0x0000000004CBB000-memory.dmp

Filesize
172KB

Download
memory/2540-167-0x0000000004C90000-0x0000000004CBB000-memory.dmp

Filesize
172KB

Download
memory/2540-124-0x0000000004C90000-0x0000000004CBB000-memory.dmp

Filesize
172KB

Download
memory/2540-126-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2540-42-0x0000000004C70000-0x0000000004C9B000-memory.dmp

Filesize
172KB

Download
memory/2592-169-0x0000000004F60000-0x0000000004F8B000-memory.dmp

Filesize
172KB

Download
memory/2592-125-0x0000000004F70000-0x0000000004F9B000-memory.dmp

Filesize
172KB

Download
memory/2592-106-0x0000000004F60000-0x0000000004F8B000-memory.dmp

Filesize
172KB

Download
memory/2592-138-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2720-128-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2720-44-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2720-97-0x0000000004F70000-0x0000000004F9B000-memory.dmp

Filesize
172KB

Download
memory/2840-93-0x0000000004F80000-0x0000000004FAB000-memory.dmp

Filesize
172KB

Download
memory/2840-104-0x0000000004F80000-0x0000000004FAB000-memory.dmp

Filesize
172KB

Download
memory/2840-134-0x0000000004F80000-0x0000000004FAB000-memory.dmp

Filesize
172KB

Download
memory/2840-123-0x0000000004F80000-0x0000000004FAB000-memory.dmp

Filesize
172KB

Download
memory/2840-131-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2852-180-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/2924-153-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2924-101-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2924-181-0x00000000051B0000-0x00000000051DB000-memory.dmp

Filesize
172KB

Download
memory/2924-141-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2940-166-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2972-148-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3004-98-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3004-121-0x0000000004BB0000-0x0000000004BDB000-memory.dmp

Filesize
172KB

Download
memory/3004-143-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3020-176-0x0000000004E60000-0x0000000004E8B000-memory.dmp

Filesize
172KB

Download
memory/3064-111-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3064-152-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download