9efc8842dc994d62ab86ad49fc83a412c5aed94bae408833176aa7ba968da87d

Analysis

max time kernel
22s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2496cdbf3ed9e67da86e642cb15b08f0N.exe
Size

1.3MB
MD5

2496cdbf3ed9e67da86e642cb15b08f0
SHA1

872b7a67b8d021791941eb23af48f41a9d9c7e08
SHA256

9efc8842dc994d62ab86ad49fc83a412c5aed94bae408833176aa7ba968da87d
SHA512

344d2e5f7f735f43de1bf009e457c89fa4fdf594fcc0cc17dfb6154ee6dd5ed0f0c60045e4cc628b8903081700e9ebd0bcdf230254b93f096e68f6d05d6d1499
SSDEEP

24576:oWANaIGSub7xrmvGpFRn3uwBCK5Mhv8HDFdB8uI+Vl0/FYv+WKkxwl/7:VANRGfVqek0bHJ8p+8WvGOaD

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	2496cdbf3ed9e67da86e642cb15b08f0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\A:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\I:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\M:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\O:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\S:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\Y:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\Z:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\E:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\G:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\H:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\K:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\P:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\B:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\J:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\L:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\N:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\V:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\Q:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\R:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\T:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\W:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\X:	2496cdbf3ed9e67da86e642cb15b08f0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\french cum cumshot hot (!) 50+ .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\System32\DriverStore\Temp\french sperm sperm girls ash Ôë .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\lesbian trambling full movie hole hotel .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian sperm trambling big legs leather .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SysWOW64\IME\shared\black bukkake hardcore sleeping .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\cumshot nude public Ôë .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\japanese gang bang hot (!) upskirt .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SysWOW64\IME\shared\russian beast horse voyeur mistress .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese bukkake lesbian latex .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\gay beast full movie (Liz,Christine).avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\swedish kicking [free] (Samantha).mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files\Windows Journal\Templates\russian sperm lesbian licking boobs (Kathrin).avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\danish lesbian masturbation .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\hardcore lingerie uncut .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\brasilian xxx hot (!) (Gina).avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\horse kicking catfight bedroom .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\canadian lingerie action several models girly .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Google\Temp\lesbian nude [milf] nipples high heels .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\lingerie licking mistress .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\spanish gay [bangbus] leather .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\xxx beastiality catfight boots .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files\DVD Maker\Shared\canadian horse licking circumcision .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\norwegian lingerie [bangbus] (Christine).rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\cum public glans .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\action cumshot voyeur legs young .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\malaysia xxx fetish full movie .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\malaysia fetish public boots (Karin,Sandy).zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\lingerie sperm voyeur leather (Samantha,Sylvia).zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\chinese action uncut mature .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\french animal catfight bondage .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\german horse lesbian bondage (Jade,Kathrin).mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\spanish trambling masturbation wifey .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\asian xxx kicking several models cock hairy .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\italian blowjob fetish voyeur circumcision .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\beastiality animal [milf] .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\malaysia fucking public girly (Kathrin,Curtney).mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\indian trambling trambling sleeping nipples traffic .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\blowjob handjob public .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\swedish fucking [milf] circumcision (Sarah).mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\fucking sleeping .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\blowjob blowjob catfight ash hairy (Curtney).mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\handjob public stockings .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\gang bang public (Janette,Kathrin).mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\kicking sleeping nipples fishy .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\german fetish beastiality big .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\hardcore catfight ash wifey .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\xxx gang bang catfight feet swallow (Karin,Tatjana).mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\british beast lesbian masturbation YEâPSè& .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\sperm masturbation .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\british trambling bukkake sleeping .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\cum public hairy .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian porn beastiality hot (!) sweet .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\cum full movie swallow .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\norwegian fucking sperm public boobs boots .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\italian porn kicking several models .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\animal nude licking hole .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\italian fetish animal masturbation fishy .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\xxx fucking girls boots .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lesbian several models shower .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\german cum beastiality several models glans penetration .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\gang bang [milf] .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\fetish beastiality uncut .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\nude several models (Gina).mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\swedish blowjob girls mature (Christine).rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\norwegian horse cum masturbation wifey .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\italian fucking [free] vagina wifey .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\Temp\bukkake several models .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\chinese bukkake [milf] .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\lingerie girls .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\PLA\Templates\fetish several models .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\tyrkish porn fetish hot (!) .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\nude catfight redhair (Sarah,Kathrin).mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\handjob action [free] .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\italian gay kicking catfight nipples wifey .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\gay cumshot full movie beautyfull (Sonja,Liz).mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\security\templates\swedish cum bukkake catfight vagina .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\gang bang [free] mistress .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\cumshot big legs traffic .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\lingerie [free] bondage .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\norwegian horse beast several models nipples young .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\trambling big .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\british lingerie lingerie public .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\french animal girls boobs young .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\fucking beastiality hidden ash .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\german sperm cum hidden shoes .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\asian beast beast girls nipples lady .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\brasilian beastiality [bangbus] castration .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\gay bukkake several models .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\indian trambling [bangbus] pregnant (Sonja).rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1672	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2488	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2868	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2312	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1860	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2752	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1672	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2488	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2208	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1572	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2868	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2312	2496cdbf3ed9e67da86e642cb15b08f0N.exe
772	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1528	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1696	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1756	2496cdbf3ed9e67da86e642cb15b08f0N.exe
356	2496cdbf3ed9e67da86e642cb15b08f0N.exe
3068	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2488	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2752	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1672	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1860	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1420	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1348	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2156	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2032	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1572	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2868	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2208	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2312	2496cdbf3ed9e67da86e642cb15b08f0N.exe
768	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1488	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1488	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1880	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1880	2496cdbf3ed9e67da86e642cb15b08f0N.exe
772	2496cdbf3ed9e67da86e642cb15b08f0N.exe
772	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1528	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1528	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2264	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2264	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2240	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2240	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1756	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1756	2496cdbf3ed9e67da86e642cb15b08f0N.exe
3068	2496cdbf3ed9e67da86e642cb15b08f0N.exe
3068	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2488	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2488	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2752	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2752	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2332	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2332	2496cdbf3ed9e67da86e642cb15b08f0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2976	2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe	30
PID 2180 wrote to memory of 2976	2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe	30
PID 2180 wrote to memory of 2976	2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe	30
PID 2180 wrote to memory of 2976	2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe	30
PID 2976 wrote to memory of 1672	2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe	31
PID 2976 wrote to memory of 1672	2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe	31
PID 2976 wrote to memory of 1672	2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe	31
PID 2976 wrote to memory of 1672	2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe	31
PID 2180 wrote to memory of 2488	2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe	32
PID 2180 wrote to memory of 2488	2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe	32
PID 2180 wrote to memory of 2488	2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe	32
PID 2180 wrote to memory of 2488	2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe	32
PID 1672 wrote to memory of 2868	1672	2496cdbf3ed9e67da86e642cb15b08f0N.exe	33
PID 1672 wrote to memory of 2868	1672	2496cdbf3ed9e67da86e642cb15b08f0N.exe	33
PID 1672 wrote to memory of 2868	1672	2496cdbf3ed9e67da86e642cb15b08f0N.exe	33
PID 1672 wrote to memory of 2868	1672	2496cdbf3ed9e67da86e642cb15b08f0N.exe	33
PID 2976 wrote to memory of 2312	2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe	34
PID 2976 wrote to memory of 2312	2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe	34
PID 2976 wrote to memory of 2312	2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe	34
PID 2976 wrote to memory of 2312	2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe	34
PID 2488 wrote to memory of 1860	2488	2496cdbf3ed9e67da86e642cb15b08f0N.exe	35
PID 2488 wrote to memory of 1860	2488	2496cdbf3ed9e67da86e642cb15b08f0N.exe	35
PID 2488 wrote to memory of 1860	2488	2496cdbf3ed9e67da86e642cb15b08f0N.exe	35
PID 2488 wrote to memory of 1860	2488	2496cdbf3ed9e67da86e642cb15b08f0N.exe	35
PID 2180 wrote to memory of 2752	2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe	36
PID 2180 wrote to memory of 2752	2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe	36
PID 2180 wrote to memory of 2752	2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe	36
PID 2180 wrote to memory of 2752	2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe	36
PID 2312 wrote to memory of 1572	2312	2496cdbf3ed9e67da86e642cb15b08f0N.exe	37
PID 2312 wrote to memory of 1572	2312	2496cdbf3ed9e67da86e642cb15b08f0N.exe	37
PID 2312 wrote to memory of 1572	2312	2496cdbf3ed9e67da86e642cb15b08f0N.exe	37
PID 2312 wrote to memory of 1572	2312	2496cdbf3ed9e67da86e642cb15b08f0N.exe	37
PID 2868 wrote to memory of 2208	2868	2496cdbf3ed9e67da86e642cb15b08f0N.exe	38
PID 2868 wrote to memory of 2208	2868	2496cdbf3ed9e67da86e642cb15b08f0N.exe	38
PID 2868 wrote to memory of 2208	2868	2496cdbf3ed9e67da86e642cb15b08f0N.exe	38
PID 2868 wrote to memory of 2208	2868	2496cdbf3ed9e67da86e642cb15b08f0N.exe	38
PID 2976 wrote to memory of 772	2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe	39
PID 2976 wrote to memory of 772	2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe	39
PID 2976 wrote to memory of 772	2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe	39
PID 2976 wrote to memory of 772	2976	2496cdbf3ed9e67da86e642cb15b08f0N.exe	39
PID 1672 wrote to memory of 1528	1672	2496cdbf3ed9e67da86e642cb15b08f0N.exe	40
PID 1672 wrote to memory of 1528	1672	2496cdbf3ed9e67da86e642cb15b08f0N.exe	40
PID 1672 wrote to memory of 1528	1672	2496cdbf3ed9e67da86e642cb15b08f0N.exe	40
PID 1672 wrote to memory of 1528	1672	2496cdbf3ed9e67da86e642cb15b08f0N.exe	40
PID 2488 wrote to memory of 1696	2488	2496cdbf3ed9e67da86e642cb15b08f0N.exe	41
PID 2488 wrote to memory of 1696	2488	2496cdbf3ed9e67da86e642cb15b08f0N.exe	41
PID 2488 wrote to memory of 1696	2488	2496cdbf3ed9e67da86e642cb15b08f0N.exe	41
PID 2488 wrote to memory of 1696	2488	2496cdbf3ed9e67da86e642cb15b08f0N.exe	41
PID 1860 wrote to memory of 1756	1860	2496cdbf3ed9e67da86e642cb15b08f0N.exe	42
PID 1860 wrote to memory of 1756	1860	2496cdbf3ed9e67da86e642cb15b08f0N.exe	42
PID 1860 wrote to memory of 1756	1860	2496cdbf3ed9e67da86e642cb15b08f0N.exe	42
PID 1860 wrote to memory of 1756	1860	2496cdbf3ed9e67da86e642cb15b08f0N.exe	42
PID 2752 wrote to memory of 356	2752	2496cdbf3ed9e67da86e642cb15b08f0N.exe	43
PID 2752 wrote to memory of 356	2752	2496cdbf3ed9e67da86e642cb15b08f0N.exe	43
PID 2752 wrote to memory of 356	2752	2496cdbf3ed9e67da86e642cb15b08f0N.exe	43
PID 2752 wrote to memory of 356	2752	2496cdbf3ed9e67da86e642cb15b08f0N.exe	43
PID 2180 wrote to memory of 3068	2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe	44
PID 2180 wrote to memory of 3068	2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe	44
PID 2180 wrote to memory of 3068	2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe	44
PID 2180 wrote to memory of 3068	2180	2496cdbf3ed9e67da86e642cb15b08f0N.exe	44
PID 1572 wrote to memory of 1420	1572	2496cdbf3ed9e67da86e642cb15b08f0N.exe	45
PID 1572 wrote to memory of 1420	1572	2496cdbf3ed9e67da86e642cb15b08f0N.exe	45
PID 1572 wrote to memory of 1420	1572	2496cdbf3ed9e67da86e642cb15b08f0N.exe	45
PID 1572 wrote to memory of 1420	1572	2496cdbf3ed9e67da86e642cb15b08f0N.exe	45

C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
"C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2976
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        10⤵
        
        PID:18476
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:17780
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        10⤵
        
        PID:24164
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:19376
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:17412
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:16892
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:18584
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:21624
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:22564
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:22740
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:20336
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:22624
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:24116
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:17288
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:14460
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:18148
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:22876
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:18520
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:12208
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22700
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:22724
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:18324
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:23956
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:22708
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:18372
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:16920
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:18132
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:18252
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11288
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:17764
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:19428
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:17788
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:18268
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22860
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:17296
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17224
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22756
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17240
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:17184
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:22884
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:19872
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:21140
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:19824
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:19444
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:24188
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:16904
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:17344
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:14452
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:18824
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:17532
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:19832
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:18228
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:19896
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22780
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22788
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:19880
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:13912
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17304
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22692
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:17192
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:24208
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17168
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:18308
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11772
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12980
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:14580
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11628
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:24492
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:19748
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18244
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:14564
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:18448
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:24148
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:20328
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:18624
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:14428
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:22844
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:18140
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:19732
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:24172
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:14532
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:16924
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:22548
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:16784
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17452
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:18616
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:20048
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17796
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:12200
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22676
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:17384
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:16188
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11708
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22648
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:14524
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:16908
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:19308
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17508
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:23124
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:14516
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:18536
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:19360
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:19560
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22812
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22732
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:20224
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:17272
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:19924
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18608
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:11968
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:22604
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:772
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:768
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:18456
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:13972
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:11652
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:24124
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:22556
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17140
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:24060
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:21132
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11904
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:19724
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17804
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12008
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:24068
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17176
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:13144
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:19680
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:16164
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:16116
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:17248
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18808
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:8392
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:17280
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17428
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:18300
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11756
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:24896
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:18212
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12404
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11692
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22540
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:8776
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:17420
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:13408
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:14500
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18576
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18644
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:20172
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:14492
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18204
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:20244
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:9464
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:17772
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:7848
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:14436
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:12248
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:24196
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2488
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:24156
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:17216
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:18040
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:13188
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:16156
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:17492
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:19780
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22764
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:17360
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:19764
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17200
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:14596
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22748
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:18292
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:20236
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22716
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:14624
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:18284
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22532
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:9424
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17476
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:14420
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:16780
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:14616
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:14468
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11960
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:19788
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12396
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11556
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:12960
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:19672
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:16692
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:17400
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:16172
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:19864
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:22016
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22684
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:16124
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:836
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:24108
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17232
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:18468
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22836
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:18236
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:24092
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:19848
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11532
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:19716
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:24180
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:17320
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17376
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:21996
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11660
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22820
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:10256
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22796
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22828
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:8740
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:17160
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:24132
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:17148
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:16180
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:11676
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:12072
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:16684
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:11636
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:19740
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:16888
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:22660
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:7932
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:13468
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:12272
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:22772
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2752
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:356
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:17436
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:18508
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11748
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:21124
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11896
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:19888
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22804
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:17368
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:23132
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:24100
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:16016
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:23948
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:17092
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:18260
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:19772
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:25496
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:8608
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:17500
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11596
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22592
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:18220
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12256
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22640
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:9244
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22576
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:17460
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18316
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:14588
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:24076
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11524
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:19756
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:8496
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:17208
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18636
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:10056
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:19520
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:11580
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:22868
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:7448
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:13128
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:11296
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:1300
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17444
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:16148
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:19932
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11724
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:23596
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:8576
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11048
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:17336
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:14508
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22668
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:12328
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18188
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18600
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:19276
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:19368
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:7836
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:18592
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:12232
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:22892
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  PID:2360
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18816
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:24084
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:13112
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:11096
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:13120
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:22852
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:12152
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:24140
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:14540
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  PID:3272
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:17256
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:14372
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:6672
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:12048
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:11920
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:19856
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  PID:4352
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:7296
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:13376
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:17352
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  PID:5584
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:11780
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:13400
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:19840
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  PID:8916
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:10224
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  PID:17392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\danish lesbian masturbation .zip.exe

Filesize
695KB

MD5
ec5779f08c811d623736137cc6e41503

SHA1
61befd02f8a9dbd6d002316c94575ea4c921f746

SHA256
dbaf9ee39377f3e5251e9b61d22edb1c49a59bf4a6c292d58d7eb25a63871786

SHA512
5a9ad87640bb64db22fc3e001a3d09a5b8e7446fdba65c8b6ca74b2430b5314967ee757711590c0ef489245f2381799c18128200663b4221888b0838b39f5659

Download Submit
C:\debug.txt

Filesize
183B

MD5
ba5f4afe8c1fd490ec1cba8019b8577a

SHA1
9c2c129d154b767ee38c48fc00fcef83986b432b

SHA256
a42c4be303479d5e4f56f503bffb332e856ace1b54efe8016f19e8364765f567

SHA512
bfa2423534abc971f26e0a5ae0ea75bec168161b516cdc27ee0c108cf384920bdbeddddaaa9ce2a7ea259d5a1721874eafd11b5472b678e8bfdd522722383d53

Download Submit
memory/768-109-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/772-129-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/836-142-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1044-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1044-145-0x0000000001DD0000-0x0000000001DFB000-memory.dmp

Filesize
172KB

Download
memory/1300-111-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1300-158-0x0000000005040000-0x000000000506B000-memory.dmp

Filesize
172KB

Download
memory/1348-119-0x0000000005090000-0x00000000050BB000-memory.dmp

Filesize
172KB

Download
memory/1348-165-0x0000000005090000-0x00000000050BB000-memory.dmp

Filesize
172KB

Download
memory/1348-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1420-117-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/1420-171-0x0000000004F50000-0x0000000004F7B000-memory.dmp

Filesize
172KB

Download
memory/1420-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1572-121-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/1572-167-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/1572-102-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/1592-154-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1640-148-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1672-114-0x0000000004CF0000-0x0000000004D1B000-memory.dmp

Filesize
172KB

Download
memory/1672-152-0x0000000004D00000-0x0000000004D2B000-memory.dmp

Filesize
172KB

Download
memory/1672-92-0x0000000004CE0000-0x0000000004D0B000-memory.dmp

Filesize
172KB

Download
memory/1672-90-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1756-138-0x00000000050A0000-0x00000000050CB000-memory.dmp

Filesize
172KB

Download
memory/1860-151-0x0000000004E80000-0x0000000004EAB000-memory.dmp

Filesize
172KB

Download
memory/1880-133-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1944-161-0x0000000002010000-0x000000000203B000-memory.dmp

Filesize
172KB

Download
memory/2000-139-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2032-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2032-127-0x0000000001E60000-0x0000000001E8B000-memory.dmp

Filesize
172KB

Download
memory/2036-160-0x00000000044B0000-0x00000000044DB000-memory.dmp

Filesize
172KB

Download
memory/2108-150-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2128-120-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2156-130-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/2156-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2180-115-0x0000000005BB0000-0x0000000005BDB000-memory.dmp

Filesize
172KB

Download
memory/2180-65-0x0000000005BB0000-0x0000000005BDB000-memory.dmp

Filesize
172KB

Download
memory/2180-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2180-155-0x0000000005BB0000-0x0000000005BDB000-memory.dmp

Filesize
172KB

Download
memory/2180-96-0x0000000005BB0000-0x0000000005BDB000-memory.dmp

Filesize
172KB

Download
memory/2208-124-0x0000000004A60000-0x0000000004A8B000-memory.dmp

Filesize
172KB

Download
memory/2208-104-0x0000000004A50000-0x0000000004A7B000-memory.dmp

Filesize
172KB

Download
memory/2208-168-0x0000000004A60000-0x0000000004A8B000-memory.dmp

Filesize
172KB

Download
memory/2240-147-0x0000000000830000-0x000000000085B000-memory.dmp

Filesize
172KB

Download
memory/2240-113-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2264-146-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2264-112-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2312-125-0x0000000004A70000-0x0000000004A9B000-memory.dmp

Filesize
172KB

Download
memory/2312-95-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2312-170-0x0000000004A70000-0x0000000004A9B000-memory.dmp

Filesize
172KB

Download
memory/2312-99-0x00000000047F0000-0x000000000481B000-memory.dmp

Filesize
172KB

Download
memory/2312-105-0x0000000004A70000-0x0000000004A9B000-memory.dmp

Filesize
172KB

Download
memory/2332-156-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2360-159-0x0000000001F70000-0x0000000001F9B000-memory.dmp

Filesize
172KB

Download
memory/2360-116-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2404-157-0x0000000004610000-0x000000000463B000-memory.dmp

Filesize
172KB

Download
memory/2488-140-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2488-91-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2496-143-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2508-132-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2536-135-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2548-141-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2572-137-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2600-144-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2624-136-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2628-128-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2632-149-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2676-131-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2752-97-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2776-123-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2792-126-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2792-177-0x0000000001EC0000-0x0000000001EEB000-memory.dmp

Filesize
172KB

Download
memory/2836-118-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2836-162-0x0000000004D00000-0x0000000004D2B000-memory.dmp

Filesize
172KB

Download
memory/2868-100-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/2868-122-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2868-94-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2868-176-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2976-66-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2976-93-0x00000000050B0000-0x00000000050DB000-memory.dmp

Filesize
172KB

Download
memory/2976-178-0x00000000050B0000-0x00000000050DB000-memory.dmp

Filesize
172KB

Download
memory/2976-89-0x0000000001E80000-0x0000000001EAB000-memory.dmp

Filesize
172KB

Download
memory/3000-134-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3068-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3132-153-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3540-163-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3580-164-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3608-166-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3644-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3652-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3672-174-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3684-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3712-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3720-173-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3816-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3832-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3856-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download