8d0a7e35dcb0a8294255f4b3ca375a0413b0167268ceb2c785b3c8b172f78ff2

Analysis

max time kernel
29s
max time network
70s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ae2e8afa334693b7486ff0a82c21850N.exe
Size

889KB
MD5

2ae2e8afa334693b7486ff0a82c21850
SHA1

9fa945ed8992a7635ecf9d407e361ef97bbd9d8b
SHA256

8d0a7e35dcb0a8294255f4b3ca375a0413b0167268ceb2c785b3c8b172f78ff2
SHA512

7138f098fbe0b748d907eefdd7ea1d344c85a77fec88c218d2f27624e86b59f293d26baa021f31ba688339cb3783fefddfee2595a1fffadd397211e7db4e28d3
SSDEEP

24576:oWSCQACxatyL57BaLpq2uCeBXzU9/t2A8:VSBXh57wBuX2EA8

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	2ae2e8afa334693b7486ff0a82c21850N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\H:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\K:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\M:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\N:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\W:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\Y:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\J:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\P:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\R:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\T:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\U:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\A:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\E:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\L:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\S:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\V:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\Z:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\B:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\I:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\O:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\Q:	2ae2e8afa334693b7486ff0a82c21850N.exe
File opened (read-only)	\??\X:	2ae2e8afa334693b7486ff0a82c21850N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\lingerie sleeping latex .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\nude gay catfight cock .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\System32\DriverStore\Temp\spanish beast porn uncut stockings .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\SysWOW64\IME\shared\kicking lingerie public (Kathrin).avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\russian fetish licking legs sweet .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\malaysia handjob action full movie shower .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\gang bang gang bang [bangbus] ash gorgeoushorny (Liz,Sylvia).mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\SysWOW64\FxsTmp\cumshot catfight hole (Jade).zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\SysWOW64\IME\shared\japanese gay hidden .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\chinese cum [bangbus] mistress .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\british gay nude masturbation .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\russian cumshot action full movie boots .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files\DVD Maker\Shared\norwegian sperm handjob masturbation gorgeoushorny (Janette).zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\chinese cum hidden .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\canadian cum several models titts mature (Liz,Jade).zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\xxx cum full movie .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files\Windows Journal\Templates\fetish beast sleeping granny .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files (x86)\Google\Update\Download\german lesbian xxx lesbian balls .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\indian beast lingerie sleeping vagina .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\lesbian lesbian 40+ .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\cum several models swallow (Jenna).mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\french trambling uncut upskirt .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\horse nude masturbation .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files (x86)\Google\Temp\german horse uncut shoes .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\norwegian sperm sperm lesbian 40+ .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\nude xxx [free] nipples granny .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\chinese horse animal catfight 50+ .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\gay horse masturbation hairy (Kathrin).avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\assembly\temp\horse blowjob sleeping (Sonja).avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\italian sperm xxx [milf] black hairunshaved .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\british fetish licking glans .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\kicking horse uncut (Anniston,Liz).rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\lingerie horse several models nipples young .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\animal hot (!) boobs girly .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\InstallTemp\lingerie public granny .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\black sperm several models vagina boots .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\french bukkake hardcore [free] bedroom .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\indian gay beast [milf] feet redhair (Samantha,Sandy).zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\italian horse catfight .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\horse blowjob [bangbus] (Britney).rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\handjob handjob girls leather .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\sperm big .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\spanish action [bangbus] hole penetration .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\russian cumshot voyeur glans .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\mssrv.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse horse girls titts .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\gay sleeping legs .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\hardcore gang bang [bangbus] high heels .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\norwegian horse hardcore [bangbus] (Gina,Sylvia).mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\swedish porn handjob [milf] black hairunshaved .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\beastiality beast voyeur young (Samantha,Sylvia).mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\horse hot (!) ìï .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\black nude lesbian several models gorgeoushorny .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\norwegian cumshot xxx [milf] titts penetration .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\sperm horse voyeur boobs .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\asian porn fucking girls hairy .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\beastiality catfight swallow (Sarah,Christine).avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\german handjob fucking masturbation feet .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\assembly\tmp\african action lingerie voyeur .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\spanish gang bang [bangbus] blondie .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\spanish action big .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\american bukkake hidden ash balls (Sonja,Liz).mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\norwegian action beast [milf] bondage .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\norwegian horse cum hidden .avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\russian animal girls shower (Kathrin).mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\swedish horse several models hairy (Kathrin,Jade).rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\russian lesbian trambling public .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\african action sperm [free] shoes .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\handjob cumshot hidden YEâPSè& (Karin,Sylvia).rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse several models (Janette,Samantha).zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\danish porn porn lesbian YEâPSè& (Liz,Britney).mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\beast gang bang catfight .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\PLA\Templates\african sperm full movie traffic .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\kicking hidden .mpeg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\handjob beast sleeping .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\Temp\hardcore fucking hidden high heels (Sonja).avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\trambling [free] nipples (Gina).mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\horse [free] shoes .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\german cum voyeur hole 40+ .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\norwegian porn [bangbus] boots (Britney,Kathrin).mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\bukkake cum full movie high heels .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\spanish trambling cum several models cock (Sonja).avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\malaysia kicking lingerie big .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\beast several models (Christine,Curtney).avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\swedish nude voyeur boobs (Liz).avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\cumshot hardcore sleeping .mpg.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\porn girls ash castration (Kathrin,Christine).avi.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\malaysia lesbian [milf] penetration .zip.exe	2ae2e8afa334693b7486ff0a82c21850N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\beastiality [free] ash 40+ .rar.exe	2ae2e8afa334693b7486ff0a82c21850N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ae2e8afa334693b7486ff0a82c21850N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2288	2ae2e8afa334693b7486ff0a82c21850N.exe
2404	2ae2e8afa334693b7486ff0a82c21850N.exe
2288	2ae2e8afa334693b7486ff0a82c21850N.exe
836	2ae2e8afa334693b7486ff0a82c21850N.exe
1496	2ae2e8afa334693b7486ff0a82c21850N.exe
2404	2ae2e8afa334693b7486ff0a82c21850N.exe
2288	2ae2e8afa334693b7486ff0a82c21850N.exe
1040	2ae2e8afa334693b7486ff0a82c21850N.exe
284	2ae2e8afa334693b7486ff0a82c21850N.exe
2540	2ae2e8afa334693b7486ff0a82c21850N.exe
2124	2ae2e8afa334693b7486ff0a82c21850N.exe
1496	2ae2e8afa334693b7486ff0a82c21850N.exe
836	2ae2e8afa334693b7486ff0a82c21850N.exe
2288	2ae2e8afa334693b7486ff0a82c21850N.exe
2404	2ae2e8afa334693b7486ff0a82c21850N.exe
1988	2ae2e8afa334693b7486ff0a82c21850N.exe
1972	2ae2e8afa334693b7486ff0a82c21850N.exe
284	2ae2e8afa334693b7486ff0a82c21850N.exe
2452	2ae2e8afa334693b7486ff0a82c21850N.exe
1496	2ae2e8afa334693b7486ff0a82c21850N.exe
1336	2ae2e8afa334693b7486ff0a82c21850N.exe
1288	2ae2e8afa334693b7486ff0a82c21850N.exe
1040	2ae2e8afa334693b7486ff0a82c21850N.exe
2540	2ae2e8afa334693b7486ff0a82c21850N.exe
2052	2ae2e8afa334693b7486ff0a82c21850N.exe
2164	2ae2e8afa334693b7486ff0a82c21850N.exe
1140	2ae2e8afa334693b7486ff0a82c21850N.exe
836	2ae2e8afa334693b7486ff0a82c21850N.exe
2404	2ae2e8afa334693b7486ff0a82c21850N.exe
2124	2ae2e8afa334693b7486ff0a82c21850N.exe
2288	2ae2e8afa334693b7486ff0a82c21850N.exe
2176	2ae2e8afa334693b7486ff0a82c21850N.exe
812	2ae2e8afa334693b7486ff0a82c21850N.exe
1988	2ae2e8afa334693b7486ff0a82c21850N.exe
2336	2ae2e8afa334693b7486ff0a82c21850N.exe
888	2ae2e8afa334693b7486ff0a82c21850N.exe
1972	2ae2e8afa334693b7486ff0a82c21850N.exe
2916	2ae2e8afa334693b7486ff0a82c21850N.exe
328	2ae2e8afa334693b7486ff0a82c21850N.exe
284	2ae2e8afa334693b7486ff0a82c21850N.exe
840	2ae2e8afa334693b7486ff0a82c21850N.exe
840	2ae2e8afa334693b7486ff0a82c21850N.exe
1040	2ae2e8afa334693b7486ff0a82c21850N.exe
1040	2ae2e8afa334693b7486ff0a82c21850N.exe
1288	2ae2e8afa334693b7486ff0a82c21850N.exe
1288	2ae2e8afa334693b7486ff0a82c21850N.exe
1496	2ae2e8afa334693b7486ff0a82c21850N.exe
1496	2ae2e8afa334693b7486ff0a82c21850N.exe
1336	2ae2e8afa334693b7486ff0a82c21850N.exe
1336	2ae2e8afa334693b7486ff0a82c21850N.exe
2540	2ae2e8afa334693b7486ff0a82c21850N.exe
2540	2ae2e8afa334693b7486ff0a82c21850N.exe
2452	2ae2e8afa334693b7486ff0a82c21850N.exe
2452	2ae2e8afa334693b7486ff0a82c21850N.exe
2404	2ae2e8afa334693b7486ff0a82c21850N.exe
2404	2ae2e8afa334693b7486ff0a82c21850N.exe
1352	2ae2e8afa334693b7486ff0a82c21850N.exe
1352	2ae2e8afa334693b7486ff0a82c21850N.exe
1340	2ae2e8afa334693b7486ff0a82c21850N.exe
1340	2ae2e8afa334693b7486ff0a82c21850N.exe
1772	2ae2e8afa334693b7486ff0a82c21850N.exe
1772	2ae2e8afa334693b7486ff0a82c21850N.exe
1544	2ae2e8afa334693b7486ff0a82c21850N.exe
1544	2ae2e8afa334693b7486ff0a82c21850N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 2404	2288	2ae2e8afa334693b7486ff0a82c21850N.exe	30
PID 2288 wrote to memory of 2404	2288	2ae2e8afa334693b7486ff0a82c21850N.exe	30
PID 2288 wrote to memory of 2404	2288	2ae2e8afa334693b7486ff0a82c21850N.exe	30
PID 2288 wrote to memory of 2404	2288	2ae2e8afa334693b7486ff0a82c21850N.exe	30
PID 2404 wrote to memory of 836	2404	2ae2e8afa334693b7486ff0a82c21850N.exe	31
PID 2404 wrote to memory of 836	2404	2ae2e8afa334693b7486ff0a82c21850N.exe	31
PID 2404 wrote to memory of 836	2404	2ae2e8afa334693b7486ff0a82c21850N.exe	31
PID 2404 wrote to memory of 836	2404	2ae2e8afa334693b7486ff0a82c21850N.exe	31
PID 2288 wrote to memory of 1496	2288	2ae2e8afa334693b7486ff0a82c21850N.exe	32
PID 2288 wrote to memory of 1496	2288	2ae2e8afa334693b7486ff0a82c21850N.exe	32
PID 2288 wrote to memory of 1496	2288	2ae2e8afa334693b7486ff0a82c21850N.exe	32
PID 2288 wrote to memory of 1496	2288	2ae2e8afa334693b7486ff0a82c21850N.exe	32
PID 836 wrote to memory of 1040	836	2ae2e8afa334693b7486ff0a82c21850N.exe	33
PID 836 wrote to memory of 1040	836	2ae2e8afa334693b7486ff0a82c21850N.exe	33
PID 836 wrote to memory of 1040	836	2ae2e8afa334693b7486ff0a82c21850N.exe	33
PID 836 wrote to memory of 1040	836	2ae2e8afa334693b7486ff0a82c21850N.exe	33
PID 1496 wrote to memory of 284	1496	2ae2e8afa334693b7486ff0a82c21850N.exe	34
PID 1496 wrote to memory of 284	1496	2ae2e8afa334693b7486ff0a82c21850N.exe	34
PID 1496 wrote to memory of 284	1496	2ae2e8afa334693b7486ff0a82c21850N.exe	34
PID 1496 wrote to memory of 284	1496	2ae2e8afa334693b7486ff0a82c21850N.exe	34
PID 2288 wrote to memory of 2124	2288	2ae2e8afa334693b7486ff0a82c21850N.exe	35
PID 2288 wrote to memory of 2124	2288	2ae2e8afa334693b7486ff0a82c21850N.exe	35
PID 2288 wrote to memory of 2124	2288	2ae2e8afa334693b7486ff0a82c21850N.exe	35
PID 2288 wrote to memory of 2124	2288	2ae2e8afa334693b7486ff0a82c21850N.exe	35
PID 2404 wrote to memory of 2540	2404	2ae2e8afa334693b7486ff0a82c21850N.exe	36
PID 2404 wrote to memory of 2540	2404	2ae2e8afa334693b7486ff0a82c21850N.exe	36
PID 2404 wrote to memory of 2540	2404	2ae2e8afa334693b7486ff0a82c21850N.exe	36
PID 2404 wrote to memory of 2540	2404	2ae2e8afa334693b7486ff0a82c21850N.exe	36
PID 284 wrote to memory of 1972	284	2ae2e8afa334693b7486ff0a82c21850N.exe	37
PID 284 wrote to memory of 1972	284	2ae2e8afa334693b7486ff0a82c21850N.exe	37
PID 284 wrote to memory of 1972	284	2ae2e8afa334693b7486ff0a82c21850N.exe	37
PID 284 wrote to memory of 1972	284	2ae2e8afa334693b7486ff0a82c21850N.exe	37
PID 1040 wrote to memory of 1988	1040	2ae2e8afa334693b7486ff0a82c21850N.exe	38
PID 1040 wrote to memory of 1988	1040	2ae2e8afa334693b7486ff0a82c21850N.exe	38
PID 1040 wrote to memory of 1988	1040	2ae2e8afa334693b7486ff0a82c21850N.exe	38
PID 1040 wrote to memory of 1988	1040	2ae2e8afa334693b7486ff0a82c21850N.exe	38
PID 1496 wrote to memory of 1336	1496	2ae2e8afa334693b7486ff0a82c21850N.exe	39
PID 1496 wrote to memory of 1336	1496	2ae2e8afa334693b7486ff0a82c21850N.exe	39
PID 1496 wrote to memory of 1336	1496	2ae2e8afa334693b7486ff0a82c21850N.exe	39
PID 1496 wrote to memory of 1336	1496	2ae2e8afa334693b7486ff0a82c21850N.exe	39
PID 2540 wrote to memory of 2452	2540	2ae2e8afa334693b7486ff0a82c21850N.exe	40
PID 2540 wrote to memory of 2452	2540	2ae2e8afa334693b7486ff0a82c21850N.exe	40
PID 2540 wrote to memory of 2452	2540	2ae2e8afa334693b7486ff0a82c21850N.exe	40
PID 2540 wrote to memory of 2452	2540	2ae2e8afa334693b7486ff0a82c21850N.exe	40
PID 836 wrote to memory of 1288	836	2ae2e8afa334693b7486ff0a82c21850N.exe	41
PID 836 wrote to memory of 1288	836	2ae2e8afa334693b7486ff0a82c21850N.exe	41
PID 836 wrote to memory of 1288	836	2ae2e8afa334693b7486ff0a82c21850N.exe	41
PID 836 wrote to memory of 1288	836	2ae2e8afa334693b7486ff0a82c21850N.exe	41
PID 2124 wrote to memory of 2052	2124	2ae2e8afa334693b7486ff0a82c21850N.exe	42
PID 2124 wrote to memory of 2052	2124	2ae2e8afa334693b7486ff0a82c21850N.exe	42
PID 2124 wrote to memory of 2052	2124	2ae2e8afa334693b7486ff0a82c21850N.exe	42
PID 2124 wrote to memory of 2052	2124	2ae2e8afa334693b7486ff0a82c21850N.exe	42
PID 2404 wrote to memory of 1140	2404	2ae2e8afa334693b7486ff0a82c21850N.exe	43
PID 2404 wrote to memory of 1140	2404	2ae2e8afa334693b7486ff0a82c21850N.exe	43
PID 2404 wrote to memory of 1140	2404	2ae2e8afa334693b7486ff0a82c21850N.exe	43
PID 2404 wrote to memory of 1140	2404	2ae2e8afa334693b7486ff0a82c21850N.exe	43
PID 2288 wrote to memory of 2164	2288	2ae2e8afa334693b7486ff0a82c21850N.exe	44
PID 2288 wrote to memory of 2164	2288	2ae2e8afa334693b7486ff0a82c21850N.exe	44
PID 2288 wrote to memory of 2164	2288	2ae2e8afa334693b7486ff0a82c21850N.exe	44
PID 2288 wrote to memory of 2164	2288	2ae2e8afa334693b7486ff0a82c21850N.exe	44
PID 1988 wrote to memory of 2176	1988	2ae2e8afa334693b7486ff0a82c21850N.exe	45
PID 1988 wrote to memory of 2176	1988	2ae2e8afa334693b7486ff0a82c21850N.exe	45
PID 1988 wrote to memory of 2176	1988	2ae2e8afa334693b7486ff0a82c21850N.exe	45
PID 1988 wrote to memory of 2176	1988	2ae2e8afa334693b7486ff0a82c21850N.exe	45

C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
"C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2404
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:836
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        9⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        10⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        10⤵
        
        PID:21428
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        9⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        9⤵
        
        PID:13876
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        9⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        9⤵
        
        PID:18368
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        9⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        9⤵
        
        PID:22776
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        9⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        9⤵
        
        PID:22588
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:21552
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:19856
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:22768
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:17420
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:18108
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:22348
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:22620
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:20472
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:19836
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:17692
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:21404
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:21436
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:10200
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:19932
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:17920
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:21868
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:17856
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:10932
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17276
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:17768
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:19764
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:14020
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:22332
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:17336
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:12660
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:21808
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:22324
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:21568
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:352
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17756
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:22696
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:19892
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:17896
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:16248
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:21468
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:20492
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:18072
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:14044
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:22612
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:17412
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:21884
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:19912
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:19812
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:19820
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:22284
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:21560
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:328
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:17936
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:17944
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:22564
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:10044
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:22292
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:13712
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:21672
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:22356
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:21388
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:12188
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:11420
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17748
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9036
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:20332
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:18084
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:14028
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:11440
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:308
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:21380
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:19716
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17864
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:21412
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9176
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:22704
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:21828
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:13984
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:17072
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:13832
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:22392
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9044
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:22740
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:13964
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:10036
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:14036
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:7176
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:12000
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:21876
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9584
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:18612
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:9020
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:17816
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1496
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:284
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        9⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:22340
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:19328
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:18408
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        8⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:17720
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:17772
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:22300
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:19740
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:22364
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:21576
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:17912
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:22636
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:19748
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:13912
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:22556
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:19708
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:17928
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:19732
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:20104
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:13904
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:10520
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:21372
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17880
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17448
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:12532
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:10544
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:13704
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:19864
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1336
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:19872
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:19632
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:21680
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:17848
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17320
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:852
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:19904
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:13768
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:10256
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17872
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:19432
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:17636
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:888
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:22732
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9664
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:21844
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17352
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17304
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:13776
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:11340
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:13896
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9744
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:17344
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:22308
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:19828
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:10184
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:8292
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:17904
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2124
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        7⤵
        
        PID:18056
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:19756
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:13800
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:21856
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17400
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:19804
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:19448
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9068
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:20740
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:12720
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:11488
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9728
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:17384
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:18336
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:13688
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:19844
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17360
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:22316
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9092
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:22372
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9856
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:1620
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:7624
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:11980
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:19440
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:6076
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:9184
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2164
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        6⤵
        
        PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:13760
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:17644
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:19920
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:22628
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:22548
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:19780
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:7396
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:9672
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:17392
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:17376
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:9720
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:19724
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2960
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:9920
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:20112
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
        5⤵
        
        PID:12008
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:13952
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:7936
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:14000
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:19880
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:9012
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:22656
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1004
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:8268
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:17888
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
      "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
      4⤵
      PID:11388
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:9076
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:17728
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  PID:3540
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:7372
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:9784
- - C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
    3⤵
    PID:20464
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  PID:6096
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  PID:9200
- C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe
  "C:\Users\Admin\AppData\Local\Temp\2ae2e8afa334693b7486ff0a82c21850N.exe"
  2⤵
  PID:17740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\cum several models swallow (Jenna).mpeg.exe

Filesize
419KB

MD5
f285da6aa23d94e5c6626aef093d11e4

SHA1
7cee0fa5f2e3c374629b5a206c55465ccc60450b

SHA256
5c046df6f2151e802208f9e6cf72e400cb73f5c923f7cebeacb214e7a437bb44

SHA512
55a5e9e3827889569f7b15cb5e325e7587cb1301adf4ff19244e53b9c4300e2153189d5a2fefbad9f902c4fc42f1ae4803d96aebd9b954c84516ea4c3188aa59

Download Submit
C:\debug.txt

Filesize
183B

MD5
0c728bc0912285bab13a7860f63ad104

SHA1
54f68713c9c25add45bc5d94728f80cbd1975d5c

SHA256
bfe2df56b12a91ca8b17ec5e3cd88fa79b6673f1912c049ed5be93a9518e5c09

SHA512
fc8488962c035a32f821a82988e693287dd002bce759874f4e9836982533287a0d8c8ce83b99aee0496bd622529ff72c6d99cbdee6c6392a0fa170b4f60c40e9

Download Submit
memory/284-96-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/284-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/284-114-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/284-101-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/284-144-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/328-147-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/328-119-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/812-132-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/812-170-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/836-94-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/836-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/836-157-0x0000000004F70000-0x0000000004F9B000-memory.dmp

Filesize
172KB

Download
memory/836-91-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/840-120-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/840-162-0x0000000002020000-0x000000000204B000-memory.dmp

Filesize
172KB

Download
memory/888-117-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/888-175-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/888-139-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/1040-102-0x0000000002010000-0x000000000203B000-memory.dmp

Filesize
172KB

Download
memory/1040-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1040-95-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1140-159-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1140-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1140-126-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1288-149-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/1288-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1336-150-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1336-105-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1336-122-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1340-123-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1352-163-0x00000000045B0000-0x00000000045DB000-memory.dmp

Filesize
172KB

Download
memory/1352-130-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1480-148-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1496-116-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1496-93-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1496-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1544-127-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1584-134-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1584-168-0x00000000045D0000-0x00000000045FB000-memory.dmp

Filesize
172KB

Download
memory/1608-165-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1608-131-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1644-142-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1708-167-0x0000000004CE0000-0x0000000004D0B000-memory.dmp

Filesize
172KB

Download
memory/1708-124-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1732-125-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1772-164-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/1772-121-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1972-174-0x0000000004F60000-0x0000000004F8B000-memory.dmp

Filesize
172KB

Download
memory/1972-141-0x0000000004F60000-0x0000000004F8B000-memory.dmp

Filesize
172KB

Download
memory/1972-113-0x0000000004550000-0x000000000457B000-memory.dmp

Filesize
172KB

Download
memory/1972-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1988-111-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/1988-172-0x00000000050B0000-0x00000000050DB000-memory.dmp

Filesize
172KB

Download
memory/1988-104-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1988-136-0x00000000050B0000-0x00000000050DB000-memory.dmp

Filesize
172KB

Download
memory/2052-109-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2052-155-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/2080-129-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2124-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2124-99-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2124-158-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/2164-156-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2164-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2176-133-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/2176-112-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2176-171-0x0000000004F50000-0x0000000004F7B000-memory.dmp

Filesize
172KB

Download
memory/2288-177-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2288-184-0x0000000005340000-0x000000000536B000-memory.dmp

Filesize
172KB

Download
memory/2288-66-0x0000000005330000-0x000000000535B000-memory.dmp

Filesize
172KB

Download
memory/2288-92-0x0000000005340000-0x000000000536B000-memory.dmp

Filesize
172KB

Download
memory/2288-178-0x0000000005330000-0x000000000535B000-memory.dmp

Filesize
172KB

Download
memory/2288-97-0x0000000005340000-0x000000000536B000-memory.dmp

Filesize
172KB

Download
memory/2288-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2336-138-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2336-115-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2336-173-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/2404-153-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2404-67-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2404-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2452-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2452-154-0x0000000004720000-0x000000000474B000-memory.dmp

Filesize
172KB

Download
memory/2540-152-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2540-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2540-98-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2556-146-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2668-140-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2704-137-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2768-135-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2768-169-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2820-145-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2836-151-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2852-143-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2916-176-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/2916-118-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2960-128-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2960-166-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download