a4b333ba9c922d839744981725cc13851f85ebbdfb56b491ffdeaa04bf1a57c1

Analysis

max time kernel
22s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41d9da36ee62a48e71532655c5c2ea20N.exe
Size

652KB
MD5

41d9da36ee62a48e71532655c5c2ea20
SHA1

4ed5fbd42073a4e460dc14473473bb1ae04e4bad
SHA256

a4b333ba9c922d839744981725cc13851f85ebbdfb56b491ffdeaa04bf1a57c1
SHA512

4842d6c21d5f1d1c75af241782078dc3408a17ce10695bdf747a7ea927589506f16f7bc20dadb64a8948f3340b770b520b0ccadfe12559ac7cfc8b85a692c062
SSDEEP

12288:dXCNi9BGJMsa7l8zoAmuRCJfrcWnkyI25awbxLmdU9Y+b+CugE8biPin6fLYRn:oWstalEBRCJ3/5XE1ME8+iniMRn

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	41d9da36ee62a48e71532655c5c2ea20N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\T:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\U:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\Y:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\Z:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\I:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\K:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\G:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\L:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\M:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\N:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\O:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\R:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\B:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\E:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\S:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\W:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\P:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\X:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\H:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\J:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\A:	41d9da36ee62a48e71532655c5c2ea20N.exe
File opened (read-only)	\??\V:	41d9da36ee62a48e71532655c5c2ea20N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\shared\fucking hidden cock ejaculation .zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\russian animal lesbian full movie feet stockings (Melissa).zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\SysWOW64\FxsTmp\fucking masturbation (Tatjana).mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\SysWOW64\IME\shared\black gang bang gay sleeping .avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lingerie big blondie .mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian cum lingerie uncut (Sylvia).mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\System32\DriverStore\Temp\black kicking hardcore several models cock leather (Liz).zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\SysWOW64\FxsTmp\french bukkake licking (Janette).mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian kicking lingerie licking boots (Anniston,Tatjana).mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\american cum trambling public glans .mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie masturbation hole ejaculation .avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Program Files (x86)\Google\Temp\japanese nude bukkake licking glans .rar.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\japanese handjob bukkake [milf] titts shower (Liz).avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Program Files\DVD Maker\Shared\bukkake licking .zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\bukkake big (Liz).mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\fucking several models .mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Program Files\Windows Journal\Templates\swedish action trambling [milf] hole .mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\swedish kicking xxx sleeping .avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Program Files (x86)\Google\Update\Download\russian animal beast masturbation titts .mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\trambling voyeur glans swallow (Liz).zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\american handjob trambling public stockings .mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\danish handjob sperm [milf] .zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\danish gang bang fucking voyeur YEâPSè& .mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\horse hidden hotel .mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\sperm voyeur mistress .mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian animal gay catfight (Jade).mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\tyrkish cum bukkake masturbation glans wifey (Curtney).avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\american porn sperm voyeur titts .mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\porn trambling hot (!) .rar.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\canadian trambling sleeping lady .zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\fetish hardcore [milf] bedroom (Jenna,Karin).zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\lingerie [milf] girly .mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\xxx several models YEâPSè& .mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\hardcore full movie ejaculation .zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\InstallTemp\canadian fucking [free] glans .mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\german lingerie several models ash .avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\swedish handjob hardcore [milf] ejaculation .rar.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\british lesbian full movie blondie (Christine,Melissa).mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\malaysia sperm voyeur 50+ .rar.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\horse [milf] .avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\british sperm several models feet girly (Jade).rar.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\canadian lesbian hidden cock (Ashley,Melissa).mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\british hardcore uncut (Sylvia).mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\xxx full movie balls .rar.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\tyrkish cumshot bukkake hidden feet blondie .mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\malaysia horse hot (!) hole femdom .zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\fetish sperm public castration .mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\assembly\temp\american animal trambling catfight .avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\PLA\Templates\indian kicking beast several models (Janette).mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\african gay public shower .mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\tyrkish handjob lingerie uncut feet bondage .zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\blowjob big (Janette).mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\horse [milf] hole shoes .avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\norwegian trambling several models .mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\african sperm uncut (Karin).zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\japanese cum lingerie [free] lady .mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\lingerie public mistress .mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\hardcore public (Melissa).mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\cumshot hardcore [milf] .avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\british trambling voyeur hole .mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\beastiality beast catfight hole (Sonja,Sarah).avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\trambling [milf] fishy .zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse sleeping .rar.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\brasilian animal sperm several models hole (Jenna,Janette).avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\spanish fucking public titts boots .mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\malaysia lingerie [milf] traffic .rar.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\malaysia lesbian [milf] feet .mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\french hardcore lesbian cock .mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\british lesbian girls fishy .avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\action sperm masturbation cock .avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\bukkake several models bedroom .zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\malaysia sperm masturbation feet .avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\american fetish fucking public feet swallow .avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\SoftwareDistribution\Download\american fetish gay catfight bedroom (Gina,Samantha).mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\malaysia horse lesbian hole girly .zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\american kicking xxx licking feet fishy (Karin).mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\Downloaded Program Files\tyrkish kicking bukkake catfight lady .zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\bukkake hot (!) feet upskirt .rar.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\spanish horse big titts leather (Sylvia).rar.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\american horse beast voyeur hole latex .mpg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\trambling catfight hole upskirt (Jade).zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\trambling [milf] .mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\norwegian trambling uncut granny (Sonja,Sarah).mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\danish gang bang gay lesbian shoes .zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\xxx catfight .mpeg.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\norwegian horse [bangbus] cock .zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\russian gang bang horse licking hole .avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\italian cum xxx [milf] (Melissa).zip.exe	41d9da36ee62a48e71532655c5c2ea20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\cum lingerie catfight bondage .avi.exe	41d9da36ee62a48e71532655c5c2ea20N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	41d9da36ee62a48e71532655c5c2ea20N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1460	41d9da36ee62a48e71532655c5c2ea20N.exe
2720	41d9da36ee62a48e71532655c5c2ea20N.exe
1460	41d9da36ee62a48e71532655c5c2ea20N.exe
1708	41d9da36ee62a48e71532655c5c2ea20N.exe
2276	41d9da36ee62a48e71532655c5c2ea20N.exe
2720	41d9da36ee62a48e71532655c5c2ea20N.exe
1460	41d9da36ee62a48e71532655c5c2ea20N.exe
912	41d9da36ee62a48e71532655c5c2ea20N.exe
2144	41d9da36ee62a48e71532655c5c2ea20N.exe
1760	41d9da36ee62a48e71532655c5c2ea20N.exe
2828	41d9da36ee62a48e71532655c5c2ea20N.exe
2276	41d9da36ee62a48e71532655c5c2ea20N.exe
2720	41d9da36ee62a48e71532655c5c2ea20N.exe
1708	41d9da36ee62a48e71532655c5c2ea20N.exe
1460	41d9da36ee62a48e71532655c5c2ea20N.exe
1636	41d9da36ee62a48e71532655c5c2ea20N.exe
2360	41d9da36ee62a48e71532655c5c2ea20N.exe
2044	41d9da36ee62a48e71532655c5c2ea20N.exe
2144	41d9da36ee62a48e71532655c5c2ea20N.exe
1760	41d9da36ee62a48e71532655c5c2ea20N.exe
912	41d9da36ee62a48e71532655c5c2ea20N.exe
1764	41d9da36ee62a48e71532655c5c2ea20N.exe
2828	41d9da36ee62a48e71532655c5c2ea20N.exe
1664	41d9da36ee62a48e71532655c5c2ea20N.exe
2228	41d9da36ee62a48e71532655c5c2ea20N.exe
2028	41d9da36ee62a48e71532655c5c2ea20N.exe
2276	41d9da36ee62a48e71532655c5c2ea20N.exe
2720	41d9da36ee62a48e71532655c5c2ea20N.exe
2212	41d9da36ee62a48e71532655c5c2ea20N.exe
1708	41d9da36ee62a48e71532655c5c2ea20N.exe
1460	41d9da36ee62a48e71532655c5c2ea20N.exe
328	41d9da36ee62a48e71532655c5c2ea20N.exe
3064	41d9da36ee62a48e71532655c5c2ea20N.exe
2432	41d9da36ee62a48e71532655c5c2ea20N.exe
2036	41d9da36ee62a48e71532655c5c2ea20N.exe
1636	41d9da36ee62a48e71532655c5c2ea20N.exe
2360	41d9da36ee62a48e71532655c5c2ea20N.exe
788	41d9da36ee62a48e71532655c5c2ea20N.exe
976	41d9da36ee62a48e71532655c5c2ea20N.exe
1136	41d9da36ee62a48e71532655c5c2ea20N.exe
1076	41d9da36ee62a48e71532655c5c2ea20N.exe
2044	41d9da36ee62a48e71532655c5c2ea20N.exe
2144	41d9da36ee62a48e71532655c5c2ea20N.exe
2828	41d9da36ee62a48e71532655c5c2ea20N.exe
2828	41d9da36ee62a48e71532655c5c2ea20N.exe
2276	41d9da36ee62a48e71532655c5c2ea20N.exe
2276	41d9da36ee62a48e71532655c5c2ea20N.exe
1944	41d9da36ee62a48e71532655c5c2ea20N.exe
1944	41d9da36ee62a48e71532655c5c2ea20N.exe
1760	41d9da36ee62a48e71532655c5c2ea20N.exe
1760	41d9da36ee62a48e71532655c5c2ea20N.exe
1932	41d9da36ee62a48e71532655c5c2ea20N.exe
1932	41d9da36ee62a48e71532655c5c2ea20N.exe
1904	41d9da36ee62a48e71532655c5c2ea20N.exe
1904	41d9da36ee62a48e71532655c5c2ea20N.exe
912	41d9da36ee62a48e71532655c5c2ea20N.exe
912	41d9da36ee62a48e71532655c5c2ea20N.exe
1536	41d9da36ee62a48e71532655c5c2ea20N.exe
1664	41d9da36ee62a48e71532655c5c2ea20N.exe
1664	41d9da36ee62a48e71532655c5c2ea20N.exe
1536	41d9da36ee62a48e71532655c5c2ea20N.exe
2028	41d9da36ee62a48e71532655c5c2ea20N.exe
2028	41d9da36ee62a48e71532655c5c2ea20N.exe
2228	41d9da36ee62a48e71532655c5c2ea20N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 2720	1460	41d9da36ee62a48e71532655c5c2ea20N.exe	30
PID 1460 wrote to memory of 2720	1460	41d9da36ee62a48e71532655c5c2ea20N.exe	30
PID 1460 wrote to memory of 2720	1460	41d9da36ee62a48e71532655c5c2ea20N.exe	30
PID 1460 wrote to memory of 2720	1460	41d9da36ee62a48e71532655c5c2ea20N.exe	30
PID 2720 wrote to memory of 1708	2720	41d9da36ee62a48e71532655c5c2ea20N.exe	31
PID 2720 wrote to memory of 1708	2720	41d9da36ee62a48e71532655c5c2ea20N.exe	31
PID 2720 wrote to memory of 1708	2720	41d9da36ee62a48e71532655c5c2ea20N.exe	31
PID 2720 wrote to memory of 1708	2720	41d9da36ee62a48e71532655c5c2ea20N.exe	31
PID 1460 wrote to memory of 2276	1460	41d9da36ee62a48e71532655c5c2ea20N.exe	32
PID 1460 wrote to memory of 2276	1460	41d9da36ee62a48e71532655c5c2ea20N.exe	32
PID 1460 wrote to memory of 2276	1460	41d9da36ee62a48e71532655c5c2ea20N.exe	32
PID 1460 wrote to memory of 2276	1460	41d9da36ee62a48e71532655c5c2ea20N.exe	32
PID 1708 wrote to memory of 912	1708	41d9da36ee62a48e71532655c5c2ea20N.exe	33
PID 1708 wrote to memory of 912	1708	41d9da36ee62a48e71532655c5c2ea20N.exe	33
PID 1708 wrote to memory of 912	1708	41d9da36ee62a48e71532655c5c2ea20N.exe	33
PID 1708 wrote to memory of 912	1708	41d9da36ee62a48e71532655c5c2ea20N.exe	33
PID 2276 wrote to memory of 2144	2276	41d9da36ee62a48e71532655c5c2ea20N.exe	34
PID 2276 wrote to memory of 2144	2276	41d9da36ee62a48e71532655c5c2ea20N.exe	34
PID 2276 wrote to memory of 2144	2276	41d9da36ee62a48e71532655c5c2ea20N.exe	34
PID 2276 wrote to memory of 2144	2276	41d9da36ee62a48e71532655c5c2ea20N.exe	34
PID 2720 wrote to memory of 1760	2720	41d9da36ee62a48e71532655c5c2ea20N.exe	35
PID 2720 wrote to memory of 1760	2720	41d9da36ee62a48e71532655c5c2ea20N.exe	35
PID 2720 wrote to memory of 1760	2720	41d9da36ee62a48e71532655c5c2ea20N.exe	35
PID 2720 wrote to memory of 1760	2720	41d9da36ee62a48e71532655c5c2ea20N.exe	35
PID 1460 wrote to memory of 2828	1460	41d9da36ee62a48e71532655c5c2ea20N.exe	36
PID 1460 wrote to memory of 2828	1460	41d9da36ee62a48e71532655c5c2ea20N.exe	36
PID 1460 wrote to memory of 2828	1460	41d9da36ee62a48e71532655c5c2ea20N.exe	36
PID 1460 wrote to memory of 2828	1460	41d9da36ee62a48e71532655c5c2ea20N.exe	36
PID 912 wrote to memory of 1636	912	41d9da36ee62a48e71532655c5c2ea20N.exe	38
PID 912 wrote to memory of 1636	912	41d9da36ee62a48e71532655c5c2ea20N.exe	38
PID 912 wrote to memory of 1636	912	41d9da36ee62a48e71532655c5c2ea20N.exe	38
PID 912 wrote to memory of 1636	912	41d9da36ee62a48e71532655c5c2ea20N.exe	38
PID 2144 wrote to memory of 2360	2144	41d9da36ee62a48e71532655c5c2ea20N.exe	39
PID 2144 wrote to memory of 2360	2144	41d9da36ee62a48e71532655c5c2ea20N.exe	39
PID 2144 wrote to memory of 2360	2144	41d9da36ee62a48e71532655c5c2ea20N.exe	39
PID 2144 wrote to memory of 2360	2144	41d9da36ee62a48e71532655c5c2ea20N.exe	39
PID 1760 wrote to memory of 2044	1760	41d9da36ee62a48e71532655c5c2ea20N.exe	40
PID 1760 wrote to memory of 2044	1760	41d9da36ee62a48e71532655c5c2ea20N.exe	40
PID 1760 wrote to memory of 2044	1760	41d9da36ee62a48e71532655c5c2ea20N.exe	40
PID 1760 wrote to memory of 2044	1760	41d9da36ee62a48e71532655c5c2ea20N.exe	40
PID 2828 wrote to memory of 1664	2828	41d9da36ee62a48e71532655c5c2ea20N.exe	41
PID 2828 wrote to memory of 1664	2828	41d9da36ee62a48e71532655c5c2ea20N.exe	41
PID 2828 wrote to memory of 1664	2828	41d9da36ee62a48e71532655c5c2ea20N.exe	41
PID 2828 wrote to memory of 1664	2828	41d9da36ee62a48e71532655c5c2ea20N.exe	41
PID 2276 wrote to memory of 1764	2276	41d9da36ee62a48e71532655c5c2ea20N.exe	42
PID 2276 wrote to memory of 1764	2276	41d9da36ee62a48e71532655c5c2ea20N.exe	42
PID 2276 wrote to memory of 1764	2276	41d9da36ee62a48e71532655c5c2ea20N.exe	42
PID 2276 wrote to memory of 1764	2276	41d9da36ee62a48e71532655c5c2ea20N.exe	42
PID 2720 wrote to memory of 2028	2720	41d9da36ee62a48e71532655c5c2ea20N.exe	43
PID 2720 wrote to memory of 2028	2720	41d9da36ee62a48e71532655c5c2ea20N.exe	43
PID 2720 wrote to memory of 2028	2720	41d9da36ee62a48e71532655c5c2ea20N.exe	43
PID 2720 wrote to memory of 2028	2720	41d9da36ee62a48e71532655c5c2ea20N.exe	43
PID 1708 wrote to memory of 2228	1708	41d9da36ee62a48e71532655c5c2ea20N.exe	44
PID 1708 wrote to memory of 2228	1708	41d9da36ee62a48e71532655c5c2ea20N.exe	44
PID 1708 wrote to memory of 2228	1708	41d9da36ee62a48e71532655c5c2ea20N.exe	44
PID 1708 wrote to memory of 2228	1708	41d9da36ee62a48e71532655c5c2ea20N.exe	44
PID 1460 wrote to memory of 2212	1460	41d9da36ee62a48e71532655c5c2ea20N.exe	45
PID 1460 wrote to memory of 2212	1460	41d9da36ee62a48e71532655c5c2ea20N.exe	45
PID 1460 wrote to memory of 2212	1460	41d9da36ee62a48e71532655c5c2ea20N.exe	45
PID 1460 wrote to memory of 2212	1460	41d9da36ee62a48e71532655c5c2ea20N.exe	45
PID 2360 wrote to memory of 328	2360	41d9da36ee62a48e71532655c5c2ea20N.exe	46
PID 2360 wrote to memory of 328	2360	41d9da36ee62a48e71532655c5c2ea20N.exe	46
PID 2360 wrote to memory of 328	2360	41d9da36ee62a48e71532655c5c2ea20N.exe	46
PID 2360 wrote to memory of 328	2360	41d9da36ee62a48e71532655c5c2ea20N.exe	46

C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
"C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
  "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        9⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        10⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        10⤵
        
        PID:24192
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        9⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        9⤵
        
        PID:17412
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        9⤵
        
        PID:26492
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        9⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        9⤵
        
        PID:16484
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        9⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:24152
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        9⤵
        
        PID:23748
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:17824
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:26120
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:19304
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:12068
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        9⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        9⤵
        
        PID:18308
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        9⤵
        
        PID:25928
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:17484
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:25784
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:19360
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:19424
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:17688
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:25840
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:18368
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:26224
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:18208
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:26128
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:11480
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17624
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:25864
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:19472
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:23660
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:24332
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:17920
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:25792
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:18100
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:26500
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:10820
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:24308
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:24316
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:23568
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:23764
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:14456
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:25984
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:17352
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:26184
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:17804
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:25960
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:23584
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17568
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:25976
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:23740
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17788
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:18012
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:25824
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17772
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:25816
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17704
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:25880
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:14376
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:25104
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:23692
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:12976
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:17776
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:18236
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:25920
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:18276
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:25896
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:18040
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:26104
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:18112
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:11332
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:23612
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17840
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:26056
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:23596
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:25536
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:17972
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:12324
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:24372
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        9⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:19440
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:17716
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:26176
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:17868
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:25968
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:17552
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:25912
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:17608
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:26072
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:17696
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:25904
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17492
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:25776
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:23684
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17616
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:25656
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:18092
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:26248
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:10584
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:19408
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:788
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:23636
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:26476
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:9244
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17760
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:25768
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:23644
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17460
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:25696
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17956
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:26088
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:10880
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:17948
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:25688
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:24184
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:24348
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:12492
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:19296
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:17560
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:25704
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:19416
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:19320
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:26592
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:8656
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:12992
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:24608
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:24112
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:19312
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:26608
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:24380
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:18164
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:26168
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:23700
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:12164
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:17936
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:10568
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:24356
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:14392
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:24200
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:23604
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:9528
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:17780
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:25944
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:23772
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:11660
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:9420
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:19384
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:14384
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:24216
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:6220
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:12052
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:24136
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:7480
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:11356
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:19272
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:26516
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:13500
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:9308
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:17476
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:25680
- C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
  "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2276
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:328
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        9⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        9⤵
        
        PID:23716
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:16508
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:19328
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:23668
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:17996
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:17980
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:26064
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:17848
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:26152
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:23732
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:17796
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:25832
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:19336
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:10616
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:18348
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:26096
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:19280
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:9828
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:19480
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:10576
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:18380
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:23756
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:10624
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:19400
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:18292
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:25936
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:19460
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:17504
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:25720
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:13296
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:23708
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17600
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:9872
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:19352
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:17740
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:26144
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:23376
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17592
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:25760
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17928
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:25952
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:12376
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:860
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:9576
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:18172
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:25848
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:10188
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:17912
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:25672
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:14344
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:3724
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:18256
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:25752
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:10356
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:18060
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:26508
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:19376
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:14424
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:17916
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:18360
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:26136
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:19288
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:26600
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:11372
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:17732
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:26112
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:17584
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:25856
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:19368
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17860
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:26160
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:23628
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:10272
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:24160
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:19432
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:19264
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:26464
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:18048
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:8784
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:8152
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:14496
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:4088
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:12180
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:18216
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:25744
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:10308
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:17420
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:26216
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:17732
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:26192
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:8672
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:14432
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:2112
- C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
  "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2828
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        8⤵
        
        PID:19448
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:16528
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        7⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:23652
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:10608
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:19392
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:13468
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:19344
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:9300
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:17576
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:13384
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17468
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:26232
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17968
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:25800
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:24144
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:23576
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:18316
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:25872
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:10264
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:19524
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:976
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17436
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:26080
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:18324
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:25736
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:18128
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:25728
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:17880
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:25888
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:11308
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:23724
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:12356
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:18020
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:25712
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:10936
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:24364
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:11364
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:23560
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:23620
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:10632
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:18200
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:12972
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:13448
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:24120
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:8572
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:11412
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:23676
- C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
  "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2212
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:892
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:14400
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        6⤵
        
        PID:17968
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:12332
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:24176
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:24208
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:13364
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:10248
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:24128
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:24324
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:10288
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:11464
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:19256
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:14488
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:8816
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:13352
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:10000
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:19488
- C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
  "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1240
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:14352
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:23992
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:17904
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:25808
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:12400
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:24600
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:6904
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:12636
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:24388
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:12196
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:18268
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:12292
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:9536
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:17752
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:25664
- C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
  "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3224
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
        5⤵
        
        PID:24584
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:17668
  - - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
      "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
      4⤵
      PID:26240
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:6348
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:12348
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:24340
- C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
  "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
  2⤵
  PID:4492
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:7904
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:11380
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:3340
- C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
  "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
  2⤵
  PID:6616
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:12156
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:17372
- - C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
    "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
    3⤵
    PID:12108
- C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
  "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
  2⤵
  PID:10256
- C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe
  "C:\Users\Admin\AppData\Local\Temp\41d9da36ee62a48e71532655c5c2ea20N.exe"
  2⤵
  PID:24168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie masturbation hole ejaculation .avi.exe

Filesize
811KB

MD5
6cebad293234f653fba60316dc808735

SHA1
3892ac00acee21774ea7b53beac78db8d6c26780

SHA256
5d11eff99bfe0f0655aa4fcfa7b6c5886dc630c7989df247711b7f6669d2acae

SHA512
2dbe1c66402ec11576ef4086ecd6d9ef7e5c70d5b6dd6741dede04c5eb41e97c2f55fe097245836e053cbb8e3039ac453eebf3904dbb5f71ef08e7b285e799e4

Download Submit
C:\debug.txt

Filesize
183B

MD5
e24039c9a849d165c83ca8e867e383d2

SHA1
ea8f0ab47dc1715cf2a983b65c2cd92f8a87b5de

SHA256
84d0fa2a74c9ee78457393885f6daa75aa956f03f49b64ba6b055e6341d48e07

SHA512
924f60bc755677e676d765a8a8b842da8458a0ed430569cfabe0ba9b69d5235cade19f3d22a0013f4a4b54064a373fa3fd0f926bbf38e93ff34802f7acfc05b7

Download Submit
memory/328-120-0x0000000004E50000-0x0000000004E7B000-memory.dmp

Filesize
172KB

Download
memory/788-125-0x0000000001FF0000-0x000000000201B000-memory.dmp

Filesize
172KB

Download
memory/788-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/884-169-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/892-117-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/912-90-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/912-124-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/912-167-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/912-96-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/928-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/976-127-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/976-109-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1076-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1136-144-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/1240-115-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1240-134-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/1460-175-0x00000000050D0000-0x00000000050FB000-memory.dmp

Filesize
172KB

Download
memory/1460-147-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1460-80-0x00000000050D0000-0x00000000050FB000-memory.dmp

Filesize
172KB

Download
memory/1460-114-0x00000000050D0000-0x00000000050FB000-memory.dmp

Filesize
172KB

Download
memory/1460-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1460-145-0x00000000050D0000-0x00000000050FB000-memory.dmp

Filesize
172KB

Download
memory/1500-129-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/1536-128-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/1636-99-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1636-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1664-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1664-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1680-140-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1708-159-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1760-170-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1760-92-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1760-123-0x0000000004F60000-0x0000000004F8B000-memory.dmp

Filesize
172KB

Download
memory/1764-111-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/1764-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1764-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1932-137-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/1944-135-0x0000000004E70000-0x0000000004E9B000-memory.dmp

Filesize
172KB

Download
memory/2028-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2028-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2036-163-0x00000000050A0000-0x00000000050CB000-memory.dmp

Filesize
172KB

Download
memory/2036-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2044-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2044-100-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2144-171-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2144-93-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2144-122-0x00000000050C0000-0x00000000050EB000-memory.dmp

Filesize
172KB

Download
memory/2144-97-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2212-116-0x0000000004CE0000-0x0000000004D0B000-memory.dmp

Filesize
172KB

Download
memory/2212-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2212-105-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2228-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2228-104-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2276-161-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2276-91-0x00000000045A0000-0x00000000045CB000-memory.dmp

Filesize
172KB

Download
memory/2360-98-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2368-113-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2368-133-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/2380-156-0x0000000004E40000-0x0000000004E6B000-memory.dmp

Filesize
172KB

Download
memory/2380-121-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2432-162-0x0000000004F70000-0x0000000004F9B000-memory.dmp

Filesize
172KB

Download
memory/2432-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2492-166-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/2600-132-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2620-131-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2672-139-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2708-130-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2720-89-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/2720-136-0x00000000050B0000-0x00000000050DB000-memory.dmp

Filesize
172KB

Download
memory/2720-112-0x00000000050B0000-0x00000000050DB000-memory.dmp

Filesize
172KB

Download
memory/2720-157-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2732-138-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2740-126-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2828-176-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2828-94-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2860-177-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/2864-172-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/3088-141-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3104-142-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3152-143-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3224-146-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3292-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3300-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3320-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3528-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3544-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3548-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3608-158-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3664-160-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3700-165-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3708-164-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3716-168-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3872-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3980-174-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3988-173-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4060-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download