fa1745fe614b52298c149d89052ab9f61c0826e4ec698c519dd68c643fbf0c1f

Analysis

max time kernel
20s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 20:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

057e929e7fa432bdf1d51b6000935370N.exe
Size

1.5MB
MD5

057e929e7fa432bdf1d51b6000935370
SHA1

63108844ae30889571823a8d4bccf4d14d7282ae
SHA256

fa1745fe614b52298c149d89052ab9f61c0826e4ec698c519dd68c643fbf0c1f
SHA512

de621360bb04e946e613a837e175cd7b963fdcb4e03502df6a3506e85c6c9b6ccc757e422664dc613584485fdffc0872a11fbf528eb62287c0c86860333a14e2
SSDEEP

24576:oWbk6RMN/UbLjyBkw0u3cn4+nzvsqTEYBW0C66pP66m803jROQ/WADThe:Vb5iN/Ub83s4+nIq4GrU6rFj8x

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	057e929e7fa432bdf1d51b6000935370N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\Y:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\A:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\J:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\N:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\P:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\R:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\T:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\U:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\V:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\Z:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\E:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\G:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\I:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\L:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\M:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\S:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\W:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\X:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\B:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\H:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\K:	057e929e7fa432bdf1d51b6000935370N.exe
File opened (read-only)	\??\Q:	057e929e7fa432bdf1d51b6000935370N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\shared\italian porn horse public .avi.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\sperm hidden glans (Britney,Jade).zip.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\gay [milf] castration (Ashley,Jade).zip.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\System32\DriverStore\Temp\russian horse trambling hot (!) .mpeg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\SysWOW64\FxsTmp\nude sperm lesbian glans high heels (Janette).mpeg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\SysWOW64\FxsTmp\black animal hardcore voyeur (Karin).zip.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\SysWOW64\IME\shared\swedish action sperm big cock granny (Tatjana).mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian nude beast sleeping penetration .mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\italian gang bang gay voyeur young .mpeg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\lesbian masturbation young .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\Templates\lesbian uncut .mpeg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\indian animal hardcore hidden femdom .avi.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Program Files (x86)\Google\Update\Download\hardcore girls glans .mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\tyrkish fetish blowjob uncut pregnant (Kathrin,Melissa).rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\danish kicking horse [free] cock pregnant .mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\blowjob public swallow .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\horse girls beautyfull (Christine,Sarah).mpeg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Program Files (x86)\Google\Temp\american gang bang blowjob hot (!) hole boots (Sarah).rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\italian beastiality trambling catfight hole .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\american cumshot beast full movie glans .avi.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\horse catfight .zip.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\xxx licking feet shoes (Jade).zip.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\japanese action lesbian voyeur .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Program Files\DVD Maker\Shared\black cum bukkake catfight glans bedroom .mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\indian kicking hardcore full movie glans sm .avi.exe	057e929e7fa432bdf1d51b6000935370N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\nude lingerie big .avi.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\spanish blowjob girls circumcision .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\fucking hot (!) hole traffic (Sarah).zip.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\african horse catfight titts leather (Samantha).avi.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\gang bang hardcore [milf] titts 50+ (Liz).mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\lesbian hot (!) swallow (Kathrin,Samantha).avi.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\kicking fucking catfight glans circumcision .mpeg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\sperm public .avi.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\indian cum lesbian sleeping hole sm (Samantha).mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\SoftwareDistribution\Download\indian cumshot trambling hidden femdom .zip.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\horse full movie glans .mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\cumshot blowjob masturbation (Tatjana).zip.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\horse horse catfight lady (Gina,Curtney).mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian action lingerie lesbian lady .mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\american fetish xxx full movie sweet .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\black cumshot trambling several models .mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\handjob gay masturbation .zip.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\gay catfight hole ejaculation .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\asian sperm catfight beautyfull .avi.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\swedish nude hardcore big blondie .mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\japanese handjob hardcore uncut .avi.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\indian porn blowjob public mature .zip.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\chinese gay hidden circumcision .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\swedish beastiality trambling big (Samantha).rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\InstallTemp\fetish horse girls .mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\mssrv.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese porn trambling masturbation (Tatjana).mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\asian trambling public (Jade).rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\fucking licking mistress .zip.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\german lesbian several models .mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\spanish hardcore girls hole high heels .mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\african blowjob hot (!) hole .avi.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\gay [free] lady .zip.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\security\templates\fucking full movie .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian beastiality blowjob sleeping .mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\african fucking [milf] cock granny .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\gang bang bukkake girls .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\bukkake hidden .mpeg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\sperm [bangbus] .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\black fetish xxx hidden hole ejaculation .mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\assembly\temp\xxx girls cock girly (Karin).avi.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\indian kicking trambling hot (!) .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\blowjob hidden feet beautyfull (Jade).zip.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\gang bang gay sleeping sweet .avi.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\nude lesbian hidden redhair .mpeg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\indian beastiality blowjob licking glans .mpeg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\tyrkish kicking gay big leather (Gina,Liz).avi.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\Downloaded Program Files\italian handjob horse big stockings .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\spanish beast voyeur titts traffic .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\animal hardcore public leather .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\fetish beast catfight lady .avi.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\nude bukkake several models cock (Sonja,Jade).mpeg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\animal horse lesbian titts (Sandy,Janette).zip.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\cum sperm [free] (Samantha).mpeg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\blowjob uncut sm .mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\indian fetish beast lesbian hole balls (Karin).rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\horse trambling full movie .mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\fetish gay catfight 40+ .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\italian gang bang trambling full movie .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\german horse full movie titts .mpg.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\swedish action xxx lesbian hole mature .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\malaysia gay full movie .zip.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\sperm [milf] titts beautyfull (Samantha).rar.exe	057e929e7fa432bdf1d51b6000935370N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\black handjob fucking [free] .rar.exe	057e929e7fa432bdf1d51b6000935370N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2224	057e929e7fa432bdf1d51b6000935370N.exe
2600	057e929e7fa432bdf1d51b6000935370N.exe
2224	057e929e7fa432bdf1d51b6000935370N.exe
1008	057e929e7fa432bdf1d51b6000935370N.exe
1932	057e929e7fa432bdf1d51b6000935370N.exe
2600	057e929e7fa432bdf1d51b6000935370N.exe
2224	057e929e7fa432bdf1d51b6000935370N.exe
448	057e929e7fa432bdf1d51b6000935370N.exe
1976	057e929e7fa432bdf1d51b6000935370N.exe
2752	057e929e7fa432bdf1d51b6000935370N.exe
1008	057e929e7fa432bdf1d51b6000935370N.exe
1412	057e929e7fa432bdf1d51b6000935370N.exe
1932	057e929e7fa432bdf1d51b6000935370N.exe
2600	057e929e7fa432bdf1d51b6000935370N.exe
2224	057e929e7fa432bdf1d51b6000935370N.exe
536	057e929e7fa432bdf1d51b6000935370N.exe
448	057e929e7fa432bdf1d51b6000935370N.exe
2944	057e929e7fa432bdf1d51b6000935370N.exe
2964	057e929e7fa432bdf1d51b6000935370N.exe
1872	057e929e7fa432bdf1d51b6000935370N.exe
296	057e929e7fa432bdf1d51b6000935370N.exe
2904	057e929e7fa432bdf1d51b6000935370N.exe
2752	057e929e7fa432bdf1d51b6000935370N.exe
1008	057e929e7fa432bdf1d51b6000935370N.exe
1976	057e929e7fa432bdf1d51b6000935370N.exe
2804	057e929e7fa432bdf1d51b6000935370N.exe
1932	057e929e7fa432bdf1d51b6000935370N.exe
2756	057e929e7fa432bdf1d51b6000935370N.exe
2600	057e929e7fa432bdf1d51b6000935370N.exe
2224	057e929e7fa432bdf1d51b6000935370N.exe
1412	057e929e7fa432bdf1d51b6000935370N.exe
1608	057e929e7fa432bdf1d51b6000935370N.exe
536	057e929e7fa432bdf1d51b6000935370N.exe
2360	057e929e7fa432bdf1d51b6000935370N.exe
448	057e929e7fa432bdf1d51b6000935370N.exe
1656	057e929e7fa432bdf1d51b6000935370N.exe
408	057e929e7fa432bdf1d51b6000935370N.exe
1184	057e929e7fa432bdf1d51b6000935370N.exe
1836	057e929e7fa432bdf1d51b6000935370N.exe
848	057e929e7fa432bdf1d51b6000935370N.exe
2944	057e929e7fa432bdf1d51b6000935370N.exe
1872	057e929e7fa432bdf1d51b6000935370N.exe
2752	057e929e7fa432bdf1d51b6000935370N.exe
1008	057e929e7fa432bdf1d51b6000935370N.exe
1552	057e929e7fa432bdf1d51b6000935370N.exe
1552	057e929e7fa432bdf1d51b6000935370N.exe
2964	057e929e7fa432bdf1d51b6000935370N.exe
2964	057e929e7fa432bdf1d51b6000935370N.exe
296	057e929e7fa432bdf1d51b6000935370N.exe
296	057e929e7fa432bdf1d51b6000935370N.exe
2120	057e929e7fa432bdf1d51b6000935370N.exe
2120	057e929e7fa432bdf1d51b6000935370N.exe
2496	057e929e7fa432bdf1d51b6000935370N.exe
2496	057e929e7fa432bdf1d51b6000935370N.exe
1976	057e929e7fa432bdf1d51b6000935370N.exe
1976	057e929e7fa432bdf1d51b6000935370N.exe
1932	057e929e7fa432bdf1d51b6000935370N.exe
1932	057e929e7fa432bdf1d51b6000935370N.exe
2904	057e929e7fa432bdf1d51b6000935370N.exe
2904	057e929e7fa432bdf1d51b6000935370N.exe
2052	057e929e7fa432bdf1d51b6000935370N.exe
2052	057e929e7fa432bdf1d51b6000935370N.exe
1596	057e929e7fa432bdf1d51b6000935370N.exe
1596	057e929e7fa432bdf1d51b6000935370N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2600	2224	057e929e7fa432bdf1d51b6000935370N.exe	30
PID 2224 wrote to memory of 2600	2224	057e929e7fa432bdf1d51b6000935370N.exe	30
PID 2224 wrote to memory of 2600	2224	057e929e7fa432bdf1d51b6000935370N.exe	30
PID 2224 wrote to memory of 2600	2224	057e929e7fa432bdf1d51b6000935370N.exe	30
PID 2600 wrote to memory of 1008	2600	057e929e7fa432bdf1d51b6000935370N.exe	31
PID 2600 wrote to memory of 1008	2600	057e929e7fa432bdf1d51b6000935370N.exe	31
PID 2600 wrote to memory of 1008	2600	057e929e7fa432bdf1d51b6000935370N.exe	31
PID 2600 wrote to memory of 1008	2600	057e929e7fa432bdf1d51b6000935370N.exe	31
PID 2224 wrote to memory of 1932	2224	057e929e7fa432bdf1d51b6000935370N.exe	32
PID 2224 wrote to memory of 1932	2224	057e929e7fa432bdf1d51b6000935370N.exe	32
PID 2224 wrote to memory of 1932	2224	057e929e7fa432bdf1d51b6000935370N.exe	32
PID 2224 wrote to memory of 1932	2224	057e929e7fa432bdf1d51b6000935370N.exe	32
PID 1008 wrote to memory of 448	1008	057e929e7fa432bdf1d51b6000935370N.exe	33
PID 1008 wrote to memory of 448	1008	057e929e7fa432bdf1d51b6000935370N.exe	33
PID 1008 wrote to memory of 448	1008	057e929e7fa432bdf1d51b6000935370N.exe	33
PID 1008 wrote to memory of 448	1008	057e929e7fa432bdf1d51b6000935370N.exe	33
PID 1932 wrote to memory of 1976	1932	057e929e7fa432bdf1d51b6000935370N.exe	34
PID 1932 wrote to memory of 1976	1932	057e929e7fa432bdf1d51b6000935370N.exe	34
PID 1932 wrote to memory of 1976	1932	057e929e7fa432bdf1d51b6000935370N.exe	34
PID 1932 wrote to memory of 1976	1932	057e929e7fa432bdf1d51b6000935370N.exe	34
PID 2600 wrote to memory of 2752	2600	057e929e7fa432bdf1d51b6000935370N.exe	35
PID 2600 wrote to memory of 2752	2600	057e929e7fa432bdf1d51b6000935370N.exe	35
PID 2600 wrote to memory of 2752	2600	057e929e7fa432bdf1d51b6000935370N.exe	35
PID 2600 wrote to memory of 2752	2600	057e929e7fa432bdf1d51b6000935370N.exe	35
PID 2224 wrote to memory of 1412	2224	057e929e7fa432bdf1d51b6000935370N.exe	36
PID 2224 wrote to memory of 1412	2224	057e929e7fa432bdf1d51b6000935370N.exe	36
PID 2224 wrote to memory of 1412	2224	057e929e7fa432bdf1d51b6000935370N.exe	36
PID 2224 wrote to memory of 1412	2224	057e929e7fa432bdf1d51b6000935370N.exe	36
PID 448 wrote to memory of 536	448	057e929e7fa432bdf1d51b6000935370N.exe	37
PID 448 wrote to memory of 536	448	057e929e7fa432bdf1d51b6000935370N.exe	37
PID 448 wrote to memory of 536	448	057e929e7fa432bdf1d51b6000935370N.exe	37
PID 448 wrote to memory of 536	448	057e929e7fa432bdf1d51b6000935370N.exe	37
PID 2752 wrote to memory of 2964	2752	057e929e7fa432bdf1d51b6000935370N.exe	38
PID 2752 wrote to memory of 2964	2752	057e929e7fa432bdf1d51b6000935370N.exe	38
PID 2752 wrote to memory of 2964	2752	057e929e7fa432bdf1d51b6000935370N.exe	38
PID 2752 wrote to memory of 2964	2752	057e929e7fa432bdf1d51b6000935370N.exe	38
PID 1008 wrote to memory of 2944	1008	057e929e7fa432bdf1d51b6000935370N.exe	39
PID 1008 wrote to memory of 2944	1008	057e929e7fa432bdf1d51b6000935370N.exe	39
PID 1008 wrote to memory of 2944	1008	057e929e7fa432bdf1d51b6000935370N.exe	39
PID 1008 wrote to memory of 2944	1008	057e929e7fa432bdf1d51b6000935370N.exe	39
PID 1976 wrote to memory of 296	1976	057e929e7fa432bdf1d51b6000935370N.exe	40
PID 1976 wrote to memory of 296	1976	057e929e7fa432bdf1d51b6000935370N.exe	40
PID 1976 wrote to memory of 296	1976	057e929e7fa432bdf1d51b6000935370N.exe	40
PID 1976 wrote to memory of 296	1976	057e929e7fa432bdf1d51b6000935370N.exe	40
PID 1932 wrote to memory of 1872	1932	057e929e7fa432bdf1d51b6000935370N.exe	41
PID 1932 wrote to memory of 1872	1932	057e929e7fa432bdf1d51b6000935370N.exe	41
PID 1932 wrote to memory of 1872	1932	057e929e7fa432bdf1d51b6000935370N.exe	41
PID 1932 wrote to memory of 1872	1932	057e929e7fa432bdf1d51b6000935370N.exe	41
PID 2600 wrote to memory of 2904	2600	057e929e7fa432bdf1d51b6000935370N.exe	42
PID 2600 wrote to memory of 2904	2600	057e929e7fa432bdf1d51b6000935370N.exe	42
PID 2600 wrote to memory of 2904	2600	057e929e7fa432bdf1d51b6000935370N.exe	42
PID 2600 wrote to memory of 2904	2600	057e929e7fa432bdf1d51b6000935370N.exe	42
PID 2224 wrote to memory of 2804	2224	057e929e7fa432bdf1d51b6000935370N.exe	43
PID 2224 wrote to memory of 2804	2224	057e929e7fa432bdf1d51b6000935370N.exe	43
PID 2224 wrote to memory of 2804	2224	057e929e7fa432bdf1d51b6000935370N.exe	43
PID 2224 wrote to memory of 2804	2224	057e929e7fa432bdf1d51b6000935370N.exe	43
PID 1412 wrote to memory of 2756	1412	057e929e7fa432bdf1d51b6000935370N.exe	44
PID 1412 wrote to memory of 2756	1412	057e929e7fa432bdf1d51b6000935370N.exe	44
PID 1412 wrote to memory of 2756	1412	057e929e7fa432bdf1d51b6000935370N.exe	44
PID 1412 wrote to memory of 2756	1412	057e929e7fa432bdf1d51b6000935370N.exe	44
PID 536 wrote to memory of 1608	536	057e929e7fa432bdf1d51b6000935370N.exe	45
PID 536 wrote to memory of 1608	536	057e929e7fa432bdf1d51b6000935370N.exe	45
PID 536 wrote to memory of 1608	536	057e929e7fa432bdf1d51b6000935370N.exe	45
PID 536 wrote to memory of 1608	536	057e929e7fa432bdf1d51b6000935370N.exe	45

C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
"C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
  "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        9⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        10⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        10⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        9⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        9⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        9⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        9⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        9⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        9⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:21152
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        9⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        9⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:19064
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:22748
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:22356
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        9⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        9⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:18736
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:19248
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:20036
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:22796
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:18688
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:15504
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:22836
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        9⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        9⤵
        
        PID:21056
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:15864
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:10968
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:22844
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:18884
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:19508
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:20828
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:20488
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:18704
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:16324
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:19828
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:21088
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:18728
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:20368
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:20328
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        9⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        9⤵
        
        PID:22420
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:18856
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:18900
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:19240
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:18864
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:23620
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:22716
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:22864
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:19844
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:20028
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:10680
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:23568
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:18340
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:18720
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:13304
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:22820
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:22888
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:18908
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:22332
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:20632
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:20500
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:12688
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:20064
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:12736
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:20128
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:12040
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:20804
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:19224
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:16188
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:16068
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:22436
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:23592
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:18680
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:22340
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:23144
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:20104
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:20228
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:18960
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:19980
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:11592
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:22804
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:20044
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:848
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:12660
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:20148
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:12712
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:22348
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:1404
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:12420
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:18752
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:15932
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:23576
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:9628
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:15524
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:23608
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:10996
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:22324
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:10224
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:18504
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:11696
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:20180
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:18712
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:18744
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:12304
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:22828
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:18916
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:10988
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:22780
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:11580
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:20816
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:8800
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:16304
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:16316
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:16164
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:11656
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:11032
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:10952
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:18892
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:11680
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:20172
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:7800
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:15580
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:12648
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:20120
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:10200
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:20156
- C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
  "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1932
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:296
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:23032
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:22852
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        8⤵
        
        PID:20904
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:19516
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:19056
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:12728
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:19500
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:20140
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:16244
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:22788
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:21096
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:12752
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:19352
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:19900
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:22772
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:20872
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:18672
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:19988
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:11436
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:20796
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:9788
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:20688
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:11020
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:23560
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:9072
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:18240
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:408
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:19000
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:19852
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:19304
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:19216
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:20912
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:23584
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:10564
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:16004
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:20164
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:18512
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:19232
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:16224
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:8028
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:18764
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:23152
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:11908
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:21888
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:8100
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:18152
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:6828
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:16296
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:20864
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:20920
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:9828
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:19972
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:10580
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:16044
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:23236
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:19864
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:8704
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:16012
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:11208
- C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
  "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1412
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        7⤵
        
        PID:20112
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:12404
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:19724
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:18872
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:16204
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:19532
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:12184
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:6960
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:18696
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:10540
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:16060
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:11840
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:19996
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:19524
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:18520
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:6484
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:20672
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:9212
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:12428
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:19836
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:11732
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:23160
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:8148
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:16288
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:6868
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:11004
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:19072
- C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
  "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2804
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        6⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:21896
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:16336
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:10548
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:16052
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:11460
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:16132
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:10556
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:16036
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:9192
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:22812
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:6612
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:10696
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:22428
- C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
  "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
  2⤵
  PID:1632
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
        5⤵
        
        PID:19888
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:7388
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:13320
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:22872
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:20292
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:7000
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:10908
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:16280
- C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
  "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
  2⤵
  PID:2240
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:9144
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:12396
  - - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
      "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
      4⤵
      PID:19572
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:7344
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:11916
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:21880
- C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
  "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
  2⤵
  PID:4408
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:8168
- - C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
    "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
    3⤵
    PID:16196
- C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
  "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
  2⤵
  PID:6812
- C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
  "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
  2⤵
  PID:10704
- C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe
  "C:\Users\Admin\AppData\Local\Temp\057e929e7fa432bdf1d51b6000935370N.exe"
  2⤵
  PID:22880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\horse girls beautyfull (Christine,Sarah).mpeg.exe

Filesize
1.5MB

MD5
52f1bf601e0d7c45b4ee5c95a5c563f8

SHA1
60d6fb594acc86750419a34a3bd6312ec018bd2a

SHA256
a41b731d694e339c32318aa09f861f2af42f4ffb84bf815fdb4aaed982afefc5

SHA512
19d967b6a1d1d2246324957be173bd0704649c5aca3dddb31c494dce0fc8373e3de72ad43d4f4eb8f2910c56353ab2c73a93f917b9563d943a3daaceadd30f7e

Download Submit
C:\debug.txt

Filesize
183B

MD5
fd33beda679bba3fa46d8c6bb165ac46

SHA1
43c207e09d86c997d89efa559a4cac5dc620d34b

SHA256
c135ffb59b386b8e0009c870355e6af3ac697d6e61afe40165ba442218ec79ef

SHA512
3742aa9bc4a230bbb8289136f9be34e99683fb288b21779c5bf505071bdd0b90450ec26b559d81ea0d4f15948ded784336125894615cb4d9d85e6bdb886c9005

Download Submit