9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36

Analysis

max time kernel
149s
max time network
127s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Size

1.4MB
MD5

5e600b594c0110f0cc817b9f60f5fb92
SHA1

da93dc76c700609bf06d9356f6191ffb95a51298
SHA256

9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36
SHA512

ab46eaa86016ab1b65dc116510b4c85bdcf16e686e6b6611308fe62ed39611f0a73eb7c2d2fa24668e226a8dc117626b13f93fd007906d18aa3f815982a7f775
SSDEEP

24576:ZqDEvCTbMWu7rQYlBQcBiT6rprG8aK0dPJZKSbOttPPZZm9TkC3fm:ZTvC/MTQYxsWR7aK0dPJZKSbOLITkC3

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2316	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2316	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2816	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2816	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2624	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2624	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2924	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2924	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2812	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2812	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2628	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2628	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2588	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2588	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
3008	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
3008	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1112	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1112	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2840	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2840	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2844	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2844	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2260	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2260	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1772	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1772	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1148	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1148	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2104	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2104	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2172	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2172	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1356	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1356	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
848	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
848	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2348	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2348	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2072	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2072	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2916	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2916	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2352	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2352	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
3056	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
3056	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1636	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1636	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1680	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1680	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2320	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2320	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2936	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2936	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2776	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2776	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
920	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
920	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2560	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2560	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2580	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2580	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1280	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1280	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2316	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2316	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2816	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2816	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2624	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2624	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2924	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2924	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2812	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2812	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2628	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2628	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2588	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2588	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
3008	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
3008	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1112	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1112	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2840	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2840	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2844	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2844	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2260	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2260	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1772	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1772	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1148	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1148	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2104	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2104	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2172	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2172	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1356	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1356	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
848	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
848	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2348	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2348	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2072	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2072	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2916	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2916	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2352	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2352	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
3056	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
3056	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1636	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1636	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1680	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1680	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2320	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2320	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2936	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2936	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2776	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2776	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
920	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
920	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2560	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2560	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2580	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
2580	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1280	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
1280	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 2816	2316	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	30
PID 2316 wrote to memory of 2816	2316	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	30
PID 2316 wrote to memory of 2816	2316	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	30
PID 2316 wrote to memory of 2816	2316	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	30
PID 2816 wrote to memory of 2624	2816	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	31
PID 2816 wrote to memory of 2624	2816	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	31
PID 2816 wrote to memory of 2624	2816	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	31
PID 2816 wrote to memory of 2624	2816	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	31
PID 2624 wrote to memory of 2924	2624	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	32
PID 2624 wrote to memory of 2924	2624	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	32
PID 2624 wrote to memory of 2924	2624	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	32
PID 2624 wrote to memory of 2924	2624	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	32
PID 2924 wrote to memory of 2812	2924	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	33
PID 2924 wrote to memory of 2812	2924	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	33
PID 2924 wrote to memory of 2812	2924	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	33
PID 2924 wrote to memory of 2812	2924	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	33
PID 2812 wrote to memory of 2628	2812	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	34
PID 2812 wrote to memory of 2628	2812	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	34
PID 2812 wrote to memory of 2628	2812	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	34
PID 2812 wrote to memory of 2628	2812	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	34
PID 2628 wrote to memory of 2588	2628	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	35
PID 2628 wrote to memory of 2588	2628	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	35
PID 2628 wrote to memory of 2588	2628	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	35
PID 2628 wrote to memory of 2588	2628	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	35
PID 2588 wrote to memory of 3008	2588	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	36
PID 2588 wrote to memory of 3008	2588	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	36
PID 2588 wrote to memory of 3008	2588	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	36
PID 2588 wrote to memory of 3008	2588	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	36
PID 3008 wrote to memory of 1112	3008	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	37
PID 3008 wrote to memory of 1112	3008	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	37
PID 3008 wrote to memory of 1112	3008	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	37
PID 3008 wrote to memory of 1112	3008	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	37
PID 1112 wrote to memory of 2840	1112	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	38
PID 1112 wrote to memory of 2840	1112	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	38
PID 1112 wrote to memory of 2840	1112	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	38
PID 1112 wrote to memory of 2840	1112	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	38
PID 2840 wrote to memory of 2844	2840	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	39
PID 2840 wrote to memory of 2844	2840	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	39
PID 2840 wrote to memory of 2844	2840	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	39
PID 2840 wrote to memory of 2844	2840	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	39
PID 2844 wrote to memory of 2260	2844	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	40
PID 2844 wrote to memory of 2260	2844	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	40
PID 2844 wrote to memory of 2260	2844	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	40
PID 2844 wrote to memory of 2260	2844	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	40
PID 2260 wrote to memory of 1772	2260	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	41
PID 2260 wrote to memory of 1772	2260	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	41
PID 2260 wrote to memory of 1772	2260	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	41
PID 2260 wrote to memory of 1772	2260	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	41
PID 1772 wrote to memory of 1148	1772	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	42
PID 1772 wrote to memory of 1148	1772	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	42
PID 1772 wrote to memory of 1148	1772	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	42
PID 1772 wrote to memory of 1148	1772	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	42
PID 1148 wrote to memory of 2104	1148	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	43
PID 1148 wrote to memory of 2104	1148	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	43
PID 1148 wrote to memory of 2104	1148	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	43
PID 1148 wrote to memory of 2104	1148	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	43
PID 2104 wrote to memory of 2172	2104	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	44
PID 2104 wrote to memory of 2172	2104	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	44
PID 2104 wrote to memory of 2172	2104	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	44
PID 2104 wrote to memory of 2172	2104	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	44
PID 2172 wrote to memory of 1356	2172	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	45
PID 2172 wrote to memory of 1356	2172	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	45
PID 2172 wrote to memory of 1356	2172	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	45
PID 2172 wrote to memory of 1356	2172	9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe	45

C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
"C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
  "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
    "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
      "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        6⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        7⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        8⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        9⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        10⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        11⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        12⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        13⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        14⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        15⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        16⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        17⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        18⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        19⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        20⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        21⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        22⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        23⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        24⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        25⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        26⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        27⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        28⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        29⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        30⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        31⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        32⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        33⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        34⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        35⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        36⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        37⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        38⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        39⤵
        System Location Discovery: System Language Discovery
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        40⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        41⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        42⤵
        System Location Discovery: System Language Discovery
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        43⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        44⤵
        System Location Discovery: System Language Discovery
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        45⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        46⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        47⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        48⤵
        System Location Discovery: System Language Discovery
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        49⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        50⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        51⤵
        System Location Discovery: System Language Discovery
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        52⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        53⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        54⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        55⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        56⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        57⤵
        System Location Discovery: System Language Discovery
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        58⤵
        System Location Discovery: System Language Discovery
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        59⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        60⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        61⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        62⤵
        System Location Discovery: System Language Discovery
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        63⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        64⤵
        System Location Discovery: System Language Discovery
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        65⤵
        System Location Discovery: System Language Discovery
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        66⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        67⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        68⤵
        System Location Discovery: System Language Discovery
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        69⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        70⤵
        System Location Discovery: System Language Discovery
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        71⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        72⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        73⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        74⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        75⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        76⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        77⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        78⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        79⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        80⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        81⤵
        System Location Discovery: System Language Discovery
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        82⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        83⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        84⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        85⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        87⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        88⤵
        System Location Discovery: System Language Discovery
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        89⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        90⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        91⤵
        System Location Discovery: System Language Discovery
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        92⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        93⤵
        System Location Discovery: System Language Discovery
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        94⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        95⤵
        System Location Discovery: System Language Discovery
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        96⤵
        System Location Discovery: System Language Discovery
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        97⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        98⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        99⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        100⤵
        System Location Discovery: System Language Discovery
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        101⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        102⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        103⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        104⤵
        System Location Discovery: System Language Discovery
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        105⤵
        System Location Discovery: System Language Discovery
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        106⤵
        System Location Discovery: System Language Discovery
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        107⤵
        System Location Discovery: System Language Discovery
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        108⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        109⤵
        System Location Discovery: System Language Discovery
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        110⤵
        System Location Discovery: System Language Discovery
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        111⤵
        System Location Discovery: System Language Discovery
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        112⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        113⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        114⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        115⤵
        System Location Discovery: System Language Discovery
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        116⤵
        System Location Discovery: System Language Discovery
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        117⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        118⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        119⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        120⤵
        System Location Discovery: System Language Discovery
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        121⤵
        System Location Discovery: System Language Discovery
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        122⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        123⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        124⤵
        System Location Discovery: System Language Discovery
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        125⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        126⤵
        System Location Discovery: System Language Discovery
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        127⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        128⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        129⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        130⤵
        System Location Discovery: System Language Discovery
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        131⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        132⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        133⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        134⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        135⤵
        System Location Discovery: System Language Discovery
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        136⤵
        System Location Discovery: System Language Discovery
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        137⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        138⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        139⤵
        System Location Discovery: System Language Discovery
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        140⤵
        System Location Discovery: System Language Discovery
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        141⤵
        System Location Discovery: System Language Discovery
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        142⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        143⤵
        System Location Discovery: System Language Discovery
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        144⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        145⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        146⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        147⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        148⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        149⤵
        System Location Discovery: System Language Discovery
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        150⤵
        System Location Discovery: System Language Discovery
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        151⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        152⤵
        System Location Discovery: System Language Discovery
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        153⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        154⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        155⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        156⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        157⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9783fe3a07f7fb9fcb23c01d4ab9c6ea17f94c5336fd2233134b9bc6bf7d1e36.exe"
        158⤵
        System Location Discovery: System Language Discovery
        
        PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\aut2443.tmp

Filesize
428KB

MD5
ae67b7cd896ed19f7bf64cf0611c2d77

SHA1
a0d5b19b773f7060548deeb22b6540182cbcb3cb

SHA256
90c981ad1351ddc51b79bc376a4e17e70cb540eef8b35a81ebebf739066e9251

SHA512
8f10f1e3ee1296bf1a2830b270cb1f1bcb5069dbf5d0e1cc414b72918d8d191e1f386170bb959b02e896291ed2fed98854a341f53adc81c588131e7018706a3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\aut2473.tmp

Filesize
42KB

MD5
75f8c0ba74f196ae7c34144cc42adb21

SHA1
6fd748a9006ee681d06fca48586829b47e21dce5

SHA256
1b3871c92935458c450afa1b7dab7c8b3e57d637691eef39354924d4ae08700a

SHA512
89f9616e38f7832c5c4df4bd31889c3f05335cfcc24cb0fdda7398a5060e1871da45b1f5155791e25002a54646efd034cd679bdf67358ea0f2a00bbe59e6e939

Download Submit
C:\Users\Admin\AppData\Local\Temp\electicism

Filesize
84KB

MD5
7ebf6078e8f3331829e33ab45284386e

SHA1
658ae7e72e7e2ac2ca60de2ce44d990e208ddc23

SHA256
6253784150c31e0f19e32624bbe3a376deab3502adb4721a31dc9ebd27a8b6f5

SHA512
644a865475879d19075371880cc5912ca8382b29a93ce3fa34520bc20417d34dab9a6aa433acc5bb21e0e019753075fac600fca8168fea73a281ffb65e891770

Download Submit
C:\Users\Admin\AppData\Local\Temp\nonplacental

Filesize
483KB

MD5
aaca4cc881a1ece8828442f3f96dd2af

SHA1
a8347f629dbdfd6fad04e07464719d3368d95d4b

SHA256
7ba0334c5beaea06a1dbc9c0ca9ee35078b97ba2ad402578fddfe66f395be0f7

SHA512
4aac852b0851c5b52d055e988af454d35a81a2dcd435b62858cb002fa72c151e88de4e5558c431aebb4690401467fd1abca20ab67532b76d3cbc23f59e511858

Download Submit
memory/2316-11-0x0000000000120000-0x0000000000124000-memory.dmp

Filesize
16KB

Download