3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 10:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Size

1.4MB
MD5

a7d556fe55e0e65a90ae6736f8b5b2ef
SHA1

8515062d32f240af1e1a30de58eaa9dc9010eff2
SHA256

3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12
SHA512

e05b9a3dc6e2a0f77d748bf75977e0924c1a5f532418baa923d0428fd3657cb197855ff79f7c86ebd52c4d8a69b4456142b46eb78c035424ef79f052e6838a7e
SSDEEP

24576:ZqDEvCTbMWu7rQYlBQcBiT6rprG8aAyGyH4ImIbDA1p4nHdPf:ZTvC/MTQYxsWR7aAy/BmRH4H9

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2152	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2152	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2800	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2800	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2564	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2564	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2584	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2584	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1668	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1668	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
3032	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
3032	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
636	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
636	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2928	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2928	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2836	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2836	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1392	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1392	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1244	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1244	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2856	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2856	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1048	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1048	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2540	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2540	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2268	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2268	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1308	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1308	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1288	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1288	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1916	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1916	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1256	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1256	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1532	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1532	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1992	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1992	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2016	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2016	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1648	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1648	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1200	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1200	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2324	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2324	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1564	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1564	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1904	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1904	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2876	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2876	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2612	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2612	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2624	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2624	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1724	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1724	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
3048	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
3048	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2152	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2152	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2800	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2800	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2564	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2564	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2584	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2584	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1668	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1668	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
3032	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
3032	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
636	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
636	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2928	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2928	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2836	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2836	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1392	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1392	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1244	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1244	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2856	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2856	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1048	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1048	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2540	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2540	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2268	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2268	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1308	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1308	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1288	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1288	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1916	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1916	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1256	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1256	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1532	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1532	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1992	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1992	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2016	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2016	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1648	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1648	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1200	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1200	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2324	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2324	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1564	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1564	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1904	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1904	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2876	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2876	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2612	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2612	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2624	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
2624	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1724	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
1724	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
3048	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
3048	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 2800	2152	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	31
PID 2152 wrote to memory of 2800	2152	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	31
PID 2152 wrote to memory of 2800	2152	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	31
PID 2152 wrote to memory of 2800	2152	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	31
PID 2800 wrote to memory of 2564	2800	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	32
PID 2800 wrote to memory of 2564	2800	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	32
PID 2800 wrote to memory of 2564	2800	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	32
PID 2800 wrote to memory of 2564	2800	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	32
PID 2564 wrote to memory of 2584	2564	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	33
PID 2564 wrote to memory of 2584	2564	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	33
PID 2564 wrote to memory of 2584	2564	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	33
PID 2564 wrote to memory of 2584	2564	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	33
PID 2584 wrote to memory of 1668	2584	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	34
PID 2584 wrote to memory of 1668	2584	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	34
PID 2584 wrote to memory of 1668	2584	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	34
PID 2584 wrote to memory of 1668	2584	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	34
PID 1668 wrote to memory of 3032	1668	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	35
PID 1668 wrote to memory of 3032	1668	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	35
PID 1668 wrote to memory of 3032	1668	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	35
PID 1668 wrote to memory of 3032	1668	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	35
PID 3032 wrote to memory of 636	3032	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	36
PID 3032 wrote to memory of 636	3032	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	36
PID 3032 wrote to memory of 636	3032	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	36
PID 3032 wrote to memory of 636	3032	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	36
PID 636 wrote to memory of 2928	636	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	37
PID 636 wrote to memory of 2928	636	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	37
PID 636 wrote to memory of 2928	636	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	37
PID 636 wrote to memory of 2928	636	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	37
PID 2928 wrote to memory of 2836	2928	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	38
PID 2928 wrote to memory of 2836	2928	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	38
PID 2928 wrote to memory of 2836	2928	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	38
PID 2928 wrote to memory of 2836	2928	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	38
PID 2836 wrote to memory of 1392	2836	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	39
PID 2836 wrote to memory of 1392	2836	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	39
PID 2836 wrote to memory of 1392	2836	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	39
PID 2836 wrote to memory of 1392	2836	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	39
PID 1392 wrote to memory of 1244	1392	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	40
PID 1392 wrote to memory of 1244	1392	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	40
PID 1392 wrote to memory of 1244	1392	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	40
PID 1392 wrote to memory of 1244	1392	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	40
PID 1244 wrote to memory of 2856	1244	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	41
PID 1244 wrote to memory of 2856	1244	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	41
PID 1244 wrote to memory of 2856	1244	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	41
PID 1244 wrote to memory of 2856	1244	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	41
PID 2856 wrote to memory of 1048	2856	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	42
PID 2856 wrote to memory of 1048	2856	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	42
PID 2856 wrote to memory of 1048	2856	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	42
PID 2856 wrote to memory of 1048	2856	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	42
PID 1048 wrote to memory of 2540	1048	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	43
PID 1048 wrote to memory of 2540	1048	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	43
PID 1048 wrote to memory of 2540	1048	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	43
PID 1048 wrote to memory of 2540	1048	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	43
PID 2540 wrote to memory of 2268	2540	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	44
PID 2540 wrote to memory of 2268	2540	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	44
PID 2540 wrote to memory of 2268	2540	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	44
PID 2540 wrote to memory of 2268	2540	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	44
PID 2268 wrote to memory of 1308	2268	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	45
PID 2268 wrote to memory of 1308	2268	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	45
PID 2268 wrote to memory of 1308	2268	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	45
PID 2268 wrote to memory of 1308	2268	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	45
PID 1308 wrote to memory of 1288	1308	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	46
PID 1308 wrote to memory of 1288	1308	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	46
PID 1308 wrote to memory of 1288	1308	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	46
PID 1308 wrote to memory of 1288	1308	3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe	46

C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
"C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
  "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
    "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
      "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        5⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        7⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        8⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        9⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        10⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        11⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        12⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        13⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        14⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        15⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        16⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        17⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        18⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        19⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        20⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        21⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        22⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        23⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        24⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        25⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        26⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        27⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        28⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        29⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        30⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        31⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        32⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        33⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        34⤵
        System Location Discovery: System Language Discovery
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        35⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        36⤵
        System Location Discovery: System Language Discovery
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        37⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        38⤵
        System Location Discovery: System Language Discovery
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        39⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        40⤵
        System Location Discovery: System Language Discovery
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        41⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        42⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        43⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        44⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        45⤵
        System Location Discovery: System Language Discovery
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        46⤵
        System Location Discovery: System Language Discovery
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        47⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        48⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        49⤵
        System Location Discovery: System Language Discovery
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        50⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        51⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        52⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        53⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        54⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        55⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        56⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        57⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        58⤵
        System Location Discovery: System Language Discovery
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        59⤵
        System Location Discovery: System Language Discovery
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        60⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        61⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        62⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        63⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        64⤵
        System Location Discovery: System Language Discovery
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        65⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        66⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        67⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        68⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        69⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        70⤵
        System Location Discovery: System Language Discovery
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        71⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        72⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        73⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        74⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        75⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        77⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        78⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        79⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        80⤵
        System Location Discovery: System Language Discovery
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        81⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        82⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        83⤵
        System Location Discovery: System Language Discovery
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        84⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        85⤵
        System Location Discovery: System Language Discovery
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        87⤵
        System Location Discovery: System Language Discovery
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        88⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        89⤵
        System Location Discovery: System Language Discovery
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        90⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        91⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        92⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        93⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        94⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        95⤵
        System Location Discovery: System Language Discovery
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        96⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        97⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        98⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        99⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        100⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        101⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        102⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        103⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        104⤵
        System Location Discovery: System Language Discovery
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        105⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        106⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        107⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        108⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        109⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        110⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        111⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        112⤵
        System Location Discovery: System Language Discovery
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        113⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        114⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        115⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        116⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        117⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        118⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        119⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        120⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        121⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        122⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        123⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        124⤵
        System Location Discovery: System Language Discovery
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        125⤵
        System Location Discovery: System Language Discovery
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        126⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        127⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        128⤵
        System Location Discovery: System Language Discovery
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        129⤵
        System Location Discovery: System Language Discovery
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        130⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        131⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        132⤵
        System Location Discovery: System Language Discovery
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        133⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        134⤵
        System Location Discovery: System Language Discovery
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        135⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        136⤵
        System Location Discovery: System Language Discovery
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        138⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        139⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        140⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        141⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        142⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        143⤵
        System Location Discovery: System Language Discovery
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        144⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        145⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        146⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        147⤵
        System Location Discovery: System Language Discovery
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        148⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        149⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        150⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        151⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        152⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        153⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        154⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        155⤵
        System Location Discovery: System Language Discovery
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        156⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        157⤵
        System Location Discovery: System Language Discovery
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        158⤵
        System Location Discovery: System Language Discovery
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        159⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        160⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        161⤵
        System Location Discovery: System Language Discovery
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        162⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        163⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        164⤵
        System Location Discovery: System Language Discovery
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        165⤵
        System Location Discovery: System Language Discovery
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        166⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        167⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        168⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        169⤵
        System Location Discovery: System Language Discovery
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        170⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        171⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        172⤵
        System Location Discovery: System Language Discovery
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        173⤵
        System Location Discovery: System Language Discovery
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        174⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        175⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        176⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        177⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        178⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        179⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        180⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        181⤵
        System Location Discovery: System Language Discovery
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        182⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        183⤵
        System Location Discovery: System Language Discovery
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        184⤵
        System Location Discovery: System Language Discovery
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        185⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        186⤵
        System Location Discovery: System Language Discovery
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        187⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        188⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        189⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        190⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        191⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        192⤵
        System Location Discovery: System Language Discovery
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        193⤵
        System Location Discovery: System Language Discovery
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        194⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        195⤵
        System Location Discovery: System Language Discovery
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        196⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        197⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        198⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        199⤵
        System Location Discovery: System Language Discovery
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        200⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        201⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        202⤵
        System Location Discovery: System Language Discovery
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        203⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        204⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        205⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        206⤵
        System Location Discovery: System Language Discovery
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        207⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        208⤵
        System Location Discovery: System Language Discovery
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        209⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        210⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        211⤵
        System Location Discovery: System Language Discovery
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        212⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        213⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        214⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        215⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        216⤵
        System Location Discovery: System Language Discovery
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        217⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        218⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        219⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        220⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12.exe"
        221⤵
        
        PID:4012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Melber

Filesize
483KB

MD5
c775893bcd41381fc7358afc299be165

SHA1
fd27a07aa6a7d7ce08bb7f4f3ab268a553f181f0

SHA256
ac4b058bab77c8c2bf3440a0016108ccafbd7cac9b490049b9ee1b13c2989324

SHA512
c56b56292624deae50d953e9fed83c484c9e65d77c7c97900e6ad9da74e9134edce2106ccfe7b1576111c9ac60d6fc0ddddcfd52cede264fe74421145b5dbff6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roca

Filesize
84KB

MD5
20a9eb8ab45e5dcc0ea05a32b474e1d0

SHA1
fdbc8728d16d9231bac3df212a6e5e3c89733aec

SHA256
f89baef54fb11e5dab9e289562ed2a043fc57539f128ad1b40afbd5557a3db0c

SHA512
fdd9416e8da620190dc3e4ee870c70cccad11cc3cfe1977a3bd516df9c24511f5eb98e8852cef3b6f5923d06baf7747018fdde7f7f0dd3d805d719689082f540

Download Submit
C:\Users\Admin\AppData\Local\Temp\autEFFA.tmp

Filesize
422KB

MD5
d55729910c46dde6c789e27942a78f52

SHA1
167a631c19c0bd0852106d9ee0db2ab14daab81e

SHA256
d0c3e70f5542ad073ea8aee790bcc8911ebd1fc277996d02fc48bccd9184adbc

SHA512
c71c1fcc346683f2a85a9ca3d09ab82da23d917c48fa666f49e11ce1d5c12917175d548954bdf1c85d2415bd9fe325a7a86fce7f7db7124e40f4c9093cc1f854

Download Submit
C:\Users\Admin\AppData\Local\Temp\autF01A.tmp

Filesize
42KB

MD5
6a0c123c2733362bcc76ee81a7cc423e

SHA1
34236ce895e9bd7ac450944e2438c4589033dc98

SHA256
8f3f6cac70deade2686ab02339c41db250bd5ac5b13093efc33595915752f8b0

SHA512
55666c484f65bfb5e5ff41491471c5f05b5329d4b01557b6f41acc932c4f6ac0442fccf7aa1a6e750e443ad5a7ccc673de190028960a048acc67d90e7f919019

Download Submit
memory/2152-11-0x0000000000160000-0x0000000000164000-memory.dmp

Filesize
16KB

Download