ed041d588124dcc1faf0eecca80f8aa92d58b303f52208b619c6a794d1f4d4a0

Analysis

max time kernel
26s
max time network
55s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14-07-2024 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26c5308bcbd7966aedfb250d71e0df30N.exe
Size

1.5MB
MD5

26c5308bcbd7966aedfb250d71e0df30
SHA1

3827d816fcb30fbe0ad705bb9f49c61300bb2f10
SHA256

ed041d588124dcc1faf0eecca80f8aa92d58b303f52208b619c6a794d1f4d4a0
SHA512

bb91b81f62d3958c6c0f0e4753332fcae92f7364f039837c036432a83278aace32bfdd6bd117feb528b76fe74b652b0e0367feff3de79a67ed8f594e636a50c3
SSDEEP

24576:oWit6M+URVAp+zFMhr/TqRYshEVeYeAVYqIsunxGiqyNhkjXLb4ZLDqIXQNkKzOT:Vit6M+UR+cMZ5shEol7sunwrGCSDqmQ6

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	26c5308bcbd7966aedfb250d71e0df30N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\N:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\T:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\X:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\Y:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\A:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\I:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\K:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\Q:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\R:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\U:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\Z:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\B:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\H:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\S:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\G:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\O:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\M:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\P:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\V:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\W:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\E:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\L:	26c5308bcbd7966aedfb250d71e0df30N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\lingerie licking .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\trambling public (Samantha).avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SysWOW64\FxsTmp\xxx lesbian blondie .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SysWOW64\IME\shared\swedish handjob hardcore several models hole swallow .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish animal beast uncut feet (Christine,Sylvia).rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\System32\DriverStore\Temp\brasilian nude xxx [free] high heels .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beast licking sweet .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish kicking bukkake public (Samantha).zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\beast voyeur cock .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SysWOW64\IME\shared\gay public titts .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\fucking voyeur hotel (Sandy,Karin).rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\japanese handjob horse lesbian shower (Anniston,Sylvia).mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\american nude horse [milf] hotel .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\horse big feet .zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\trambling uncut sweet .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Google\Update\Download\gay [free] gorgeoushorny .zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\tyrkish action beast public mature .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\brasilian kicking horse [bangbus] redhair (Sonja,Janette).mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish cum lingerie catfight titts ejaculation .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\black cumshot blowjob uncut (Sarah).mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files\Windows Journal\Templates\russian porn hardcore big blondie .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\lesbian catfight black hairunshaved .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Google\Temp\danish action blowjob licking glans sm .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\sperm masturbation (Janette).avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files\DVD Maker\Shared\brasilian beastiality lingerie full movie titts .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\lesbian voyeur glans bedroom (Samantha).mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\cumshot beast girls sm (Christine,Karin).mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\russian action hardcore hidden pregnant .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\asian hardcore big .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\bukkake [bangbus] .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\security\templates\tyrkish fetish hardcore voyeur stockings (Gina,Sarah).avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\brasilian nude bukkake lesbian .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\handjob fucking [milf] glans lady (Sylvia).zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\brasilian handjob lingerie uncut circumcision .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\lesbian hidden balls .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\trambling public redhair .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\german horse voyeur bedroom (Jenna,Sarah).zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\japanese cumshot gay uncut (Liz).mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\canadian horse hidden glans swallow .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\fetish lesbian voyeur latex (Kathrin,Sarah).mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\fucking catfight hole penetration (Samantha).mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\handjob lingerie uncut .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\chinese blowjob girls (Samantha).rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\lingerie licking titts ash (Samantha).zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\action hardcore uncut swallow .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\cum hardcore full movie (Liz).mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\kicking hardcore [milf] feet granny .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\xxx hidden .zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\german fucking girls hotel .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\action gay sleeping cock shoes .zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\british blowjob public cock bedroom .zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\fucking girls hole girly (Curtney).rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\chinese gay hot (!) balls .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\cum bukkake uncut sweet .zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\french beast several models mistress .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\danish kicking sperm licking hole leather .zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\cumshot beast sleeping titts .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\assembly\temp\horse full movie redhair .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish fetish beast several models circumcision .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\beastiality gay masturbation latex (Kathrin,Tatjana).mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\Temp\horse masturbation hole .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\xxx lesbian cock (Sonja,Samantha).zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\porn lingerie public hotel .zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\danish beastiality lingerie uncut balls .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\gang bang lingerie lesbian mistress .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\american horse fucking sleeping .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\italian porn horse sleeping (Jade).mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\Downloaded Program Files\horse girls titts .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\japanese handjob gay full movie .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\lingerie several models black hairunshaved .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\sperm [milf] cock upskirt .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\african lingerie voyeur femdom .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\british blowjob [milf] blondie (Gina,Jade).zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\gang bang trambling catfight hole stockings .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\italian porn bukkake [bangbus] (Curtney).mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish beastiality xxx full movie titts .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\hardcore sleeping feet .zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\swedish animal xxx uncut gorgeoushorny .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\spanish fucking uncut cock .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\indian horse trambling licking hole granny .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\fucking hidden hole .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\xxx hot (!) feet .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\danish nude bukkake voyeur penetration .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\british gay several models .zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\african lingerie uncut .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\american porn fucking lesbian cock fishy (Sarah).rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\trambling [milf] .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\nude trambling voyeur feet black hairunshaved .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\brasilian horse gay catfight stockings .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2416	26c5308bcbd7966aedfb250d71e0df30N.exe
2644	26c5308bcbd7966aedfb250d71e0df30N.exe
2416	26c5308bcbd7966aedfb250d71e0df30N.exe
652	26c5308bcbd7966aedfb250d71e0df30N.exe
1364	26c5308bcbd7966aedfb250d71e0df30N.exe
2644	26c5308bcbd7966aedfb250d71e0df30N.exe
2416	26c5308bcbd7966aedfb250d71e0df30N.exe
1884	26c5308bcbd7966aedfb250d71e0df30N.exe
2512	26c5308bcbd7966aedfb250d71e0df30N.exe
652	26c5308bcbd7966aedfb250d71e0df30N.exe
1732	26c5308bcbd7966aedfb250d71e0df30N.exe
1172	26c5308bcbd7966aedfb250d71e0df30N.exe
1364	26c5308bcbd7966aedfb250d71e0df30N.exe
2416	26c5308bcbd7966aedfb250d71e0df30N.exe
2644	26c5308bcbd7966aedfb250d71e0df30N.exe
1888	26c5308bcbd7966aedfb250d71e0df30N.exe
1976	26c5308bcbd7966aedfb250d71e0df30N.exe
1884	26c5308bcbd7966aedfb250d71e0df30N.exe
1736	26c5308bcbd7966aedfb250d71e0df30N.exe
652	26c5308bcbd7966aedfb250d71e0df30N.exe
1868	26c5308bcbd7966aedfb250d71e0df30N.exe
1028	26c5308bcbd7966aedfb250d71e0df30N.exe
1336	26c5308bcbd7966aedfb250d71e0df30N.exe
1932	26c5308bcbd7966aedfb250d71e0df30N.exe
1732	26c5308bcbd7966aedfb250d71e0df30N.exe
2512	26c5308bcbd7966aedfb250d71e0df30N.exe
2916	26c5308bcbd7966aedfb250d71e0df30N.exe
1172	26c5308bcbd7966aedfb250d71e0df30N.exe
1364	26c5308bcbd7966aedfb250d71e0df30N.exe
2416	26c5308bcbd7966aedfb250d71e0df30N.exe
2644	26c5308bcbd7966aedfb250d71e0df30N.exe
2932	26c5308bcbd7966aedfb250d71e0df30N.exe
792	26c5308bcbd7966aedfb250d71e0df30N.exe
2252	26c5308bcbd7966aedfb250d71e0df30N.exe
1888	26c5308bcbd7966aedfb250d71e0df30N.exe
1636	26c5308bcbd7966aedfb250d71e0df30N.exe
1884	26c5308bcbd7966aedfb250d71e0df30N.exe
968	26c5308bcbd7966aedfb250d71e0df30N.exe
1976	26c5308bcbd7966aedfb250d71e0df30N.exe
1736	26c5308bcbd7966aedfb250d71e0df30N.exe
1736	26c5308bcbd7966aedfb250d71e0df30N.exe
652	26c5308bcbd7966aedfb250d71e0df30N.exe
652	26c5308bcbd7966aedfb250d71e0df30N.exe
2308	26c5308bcbd7966aedfb250d71e0df30N.exe
2308	26c5308bcbd7966aedfb250d71e0df30N.exe
1776	26c5308bcbd7966aedfb250d71e0df30N.exe
1776	26c5308bcbd7966aedfb250d71e0df30N.exe
2492	26c5308bcbd7966aedfb250d71e0df30N.exe
2492	26c5308bcbd7966aedfb250d71e0df30N.exe
1096	26c5308bcbd7966aedfb250d71e0df30N.exe
1096	26c5308bcbd7966aedfb250d71e0df30N.exe
1336	26c5308bcbd7966aedfb250d71e0df30N.exe
1336	26c5308bcbd7966aedfb250d71e0df30N.exe
1732	26c5308bcbd7966aedfb250d71e0df30N.exe
1732	26c5308bcbd7966aedfb250d71e0df30N.exe
2512	26c5308bcbd7966aedfb250d71e0df30N.exe
2512	26c5308bcbd7966aedfb250d71e0df30N.exe
1028	26c5308bcbd7966aedfb250d71e0df30N.exe
1028	26c5308bcbd7966aedfb250d71e0df30N.exe
1104	26c5308bcbd7966aedfb250d71e0df30N.exe
1104	26c5308bcbd7966aedfb250d71e0df30N.exe
1160	26c5308bcbd7966aedfb250d71e0df30N.exe
1160	26c5308bcbd7966aedfb250d71e0df30N.exe
1340	26c5308bcbd7966aedfb250d71e0df30N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2644	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	31
PID 2416 wrote to memory of 2644	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	31
PID 2416 wrote to memory of 2644	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	31
PID 2416 wrote to memory of 2644	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	31
PID 2644 wrote to memory of 652	2644	26c5308bcbd7966aedfb250d71e0df30N.exe	32
PID 2644 wrote to memory of 652	2644	26c5308bcbd7966aedfb250d71e0df30N.exe	32
PID 2644 wrote to memory of 652	2644	26c5308bcbd7966aedfb250d71e0df30N.exe	32
PID 2644 wrote to memory of 652	2644	26c5308bcbd7966aedfb250d71e0df30N.exe	32
PID 2416 wrote to memory of 1364	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	33
PID 2416 wrote to memory of 1364	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	33
PID 2416 wrote to memory of 1364	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	33
PID 2416 wrote to memory of 1364	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	33
PID 652 wrote to memory of 1884	652	26c5308bcbd7966aedfb250d71e0df30N.exe	34
PID 652 wrote to memory of 1884	652	26c5308bcbd7966aedfb250d71e0df30N.exe	34
PID 652 wrote to memory of 1884	652	26c5308bcbd7966aedfb250d71e0df30N.exe	34
PID 652 wrote to memory of 1884	652	26c5308bcbd7966aedfb250d71e0df30N.exe	34
PID 1364 wrote to memory of 2512	1364	26c5308bcbd7966aedfb250d71e0df30N.exe	35
PID 1364 wrote to memory of 2512	1364	26c5308bcbd7966aedfb250d71e0df30N.exe	35
PID 1364 wrote to memory of 2512	1364	26c5308bcbd7966aedfb250d71e0df30N.exe	35
PID 1364 wrote to memory of 2512	1364	26c5308bcbd7966aedfb250d71e0df30N.exe	35
PID 2416 wrote to memory of 1172	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	37
PID 2416 wrote to memory of 1172	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	37
PID 2416 wrote to memory of 1172	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	37
PID 2416 wrote to memory of 1172	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	37
PID 2644 wrote to memory of 1732	2644	26c5308bcbd7966aedfb250d71e0df30N.exe	36
PID 2644 wrote to memory of 1732	2644	26c5308bcbd7966aedfb250d71e0df30N.exe	36
PID 2644 wrote to memory of 1732	2644	26c5308bcbd7966aedfb250d71e0df30N.exe	36
PID 2644 wrote to memory of 1732	2644	26c5308bcbd7966aedfb250d71e0df30N.exe	36
PID 1884 wrote to memory of 1888	1884	26c5308bcbd7966aedfb250d71e0df30N.exe	38
PID 1884 wrote to memory of 1888	1884	26c5308bcbd7966aedfb250d71e0df30N.exe	38
PID 1884 wrote to memory of 1888	1884	26c5308bcbd7966aedfb250d71e0df30N.exe	38
PID 1884 wrote to memory of 1888	1884	26c5308bcbd7966aedfb250d71e0df30N.exe	38
PID 652 wrote to memory of 1976	652	26c5308bcbd7966aedfb250d71e0df30N.exe	39
PID 652 wrote to memory of 1976	652	26c5308bcbd7966aedfb250d71e0df30N.exe	39
PID 652 wrote to memory of 1976	652	26c5308bcbd7966aedfb250d71e0df30N.exe	39
PID 652 wrote to memory of 1976	652	26c5308bcbd7966aedfb250d71e0df30N.exe	39
PID 2512 wrote to memory of 1736	2512	26c5308bcbd7966aedfb250d71e0df30N.exe	40
PID 2512 wrote to memory of 1736	2512	26c5308bcbd7966aedfb250d71e0df30N.exe	40
PID 2512 wrote to memory of 1736	2512	26c5308bcbd7966aedfb250d71e0df30N.exe	40
PID 2512 wrote to memory of 1736	2512	26c5308bcbd7966aedfb250d71e0df30N.exe	40
PID 1732 wrote to memory of 1028	1732	26c5308bcbd7966aedfb250d71e0df30N.exe	42
PID 1732 wrote to memory of 1028	1732	26c5308bcbd7966aedfb250d71e0df30N.exe	42
PID 1732 wrote to memory of 1028	1732	26c5308bcbd7966aedfb250d71e0df30N.exe	42
PID 1732 wrote to memory of 1028	1732	26c5308bcbd7966aedfb250d71e0df30N.exe	42
PID 1172 wrote to memory of 1868	1172	26c5308bcbd7966aedfb250d71e0df30N.exe	41
PID 1172 wrote to memory of 1868	1172	26c5308bcbd7966aedfb250d71e0df30N.exe	41
PID 1172 wrote to memory of 1868	1172	26c5308bcbd7966aedfb250d71e0df30N.exe	41
PID 1172 wrote to memory of 1868	1172	26c5308bcbd7966aedfb250d71e0df30N.exe	41
PID 1364 wrote to memory of 1932	1364	26c5308bcbd7966aedfb250d71e0df30N.exe	43
PID 1364 wrote to memory of 1932	1364	26c5308bcbd7966aedfb250d71e0df30N.exe	43
PID 1364 wrote to memory of 1932	1364	26c5308bcbd7966aedfb250d71e0df30N.exe	43
PID 1364 wrote to memory of 1932	1364	26c5308bcbd7966aedfb250d71e0df30N.exe	43
PID 2416 wrote to memory of 1336	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	44
PID 2416 wrote to memory of 1336	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	44
PID 2416 wrote to memory of 1336	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	44
PID 2416 wrote to memory of 1336	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	44
PID 2644 wrote to memory of 2916	2644	26c5308bcbd7966aedfb250d71e0df30N.exe	45
PID 2644 wrote to memory of 2916	2644	26c5308bcbd7966aedfb250d71e0df30N.exe	45
PID 2644 wrote to memory of 2916	2644	26c5308bcbd7966aedfb250d71e0df30N.exe	45
PID 2644 wrote to memory of 2916	2644	26c5308bcbd7966aedfb250d71e0df30N.exe	45
PID 1888 wrote to memory of 2932	1888	26c5308bcbd7966aedfb250d71e0df30N.exe	46
PID 1888 wrote to memory of 2932	1888	26c5308bcbd7966aedfb250d71e0df30N.exe	46
PID 1888 wrote to memory of 2932	1888	26c5308bcbd7966aedfb250d71e0df30N.exe	46
PID 1888 wrote to memory of 2932	1888	26c5308bcbd7966aedfb250d71e0df30N.exe	46

C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
"C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2644
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:652
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        9⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        10⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        9⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        9⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        9⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        9⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:21700
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        9⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        9⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        9⤵
        
        PID:21648
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:13896
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:19852
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        9⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        9⤵
        
        PID:21960
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:22192
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        9⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:21888
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:21560
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:16088
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:16216
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21620
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        9⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        9⤵
        
        PID:22224
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:21612
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:22208
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:16284
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:11268
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:21944
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:13944
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21596
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:792
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        9⤵
        
        PID:12876
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:21588
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:16120
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:22216
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:19800
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:12072
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:19792
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:12908
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:8644
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:13888
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:968
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:13824
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:21936
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:16072
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:21528
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:19656
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9996
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21688
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:19696
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:16160
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:10796
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9988
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21748
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:13560
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:13576
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:21968
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21092
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:14004
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:11476
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21264
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12392
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:10168
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:11080
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21656
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21636
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:22232
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9452
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:10192
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:16064
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12832
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:11072
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:21604
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:14020
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21912
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:11492
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:16144
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21472
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7708
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12128
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21804
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21628
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9168
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:21520
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:22200
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:16740
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12112
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:14032
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:13832
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:8888
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:13512
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:21568
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:12684
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:7984
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:13608
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:16200
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:9956
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:10024
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1364
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        9⤵
        
        PID:21736
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:21400
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:21680
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:13504
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:21896
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:21928
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:16372
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:16112
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:19740
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21756
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21904
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:16012
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21708
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:11436
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:19764
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:16048
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21976
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:16252
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21552
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:8376
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:13624
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:21920
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:15968
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21512
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21428
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:13448
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21664
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:13568
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:21500
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:19756
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:10548
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:22900
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:13480
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:8440
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:16036
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:19872
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:7404
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:12168
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:16364
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:7488
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:13456
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:22140
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:6864
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:9732
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:10040
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1172
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:10812
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21272
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21452
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:13592
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:19860
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11484
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:19808
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12676
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:13540
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:9740
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:8056
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:844
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:19708
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12692
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:5660
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:16004
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:13336
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:8008
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:13104
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:21716
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:9964
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:3912
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1336
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:16028
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:22536
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21672
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21776
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:8496
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:13680
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:21984
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21448
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:16128
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:10176
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:21724
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11028
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:10208
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:4904
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:12932
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:8248
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:13664
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2492
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11740
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:10576
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:12016
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:11996
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:13400
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:9700
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:13600
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  PID:1168
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:13912
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:6644
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:11276
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:21792
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  PID:4072
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:6872
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:11428
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:19528
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  PID:5744
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:10264
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:13696
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:21952
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  PID:7944
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  PID:11060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\black cumshot blowjob uncut (Sarah).mpeg.exe

Filesize
2.0MB

MD5
fc14631ed5a5f525b31b27493bd44c35

SHA1
601c3bdd37626f1fc1c6e6dc65baede64638b515

SHA256
30d8afcd846230691af21faaeff74cafea47c5f7daab4a7375bc2805aa7ac715

SHA512
80a069af219c09ed0fc30503e40522a7f8b492efde9dccb9a7001c2265743f0d585e1ded75eb4f7e9981c9e65e1b9f033bfdd1eaa28c822162a70b0d431986d6

Download Submit
C:\debug.txt

Filesize
183B

MD5
daaf65487bd876268443291fb20e2628

SHA1
8332f89ec40994d5ba59f2971c79eeffe76afc61

SHA256
9550f5fbc19206a3d05454a3255f36f3ce703491c91c433a626039cdee9ded07

SHA512
3a28e44f07dcdece13213a59c35b94d1d9450eaf627d1fed85c6221284b00bc04e655b9fdac4c6074ed703029a674b9bd016adb1a7b858d9c680d485971d02d3

Download Submit
memory/652-97-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/652-123-0x0000000004E40000-0x0000000004E6B000-memory.dmp

Filesize
172KB

Download
memory/652-91-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/652-92-0x0000000004BA0000-0x0000000004BCB000-memory.dmp

Filesize
172KB

Download
memory/652-171-0x0000000004E40000-0x0000000004E6B000-memory.dmp

Filesize
172KB

Download
memory/652-176-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/792-164-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/792-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/960-146-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/968-120-0x0000000001E70000-0x0000000001E9B000-memory.dmp

Filesize
172KB

Download
memory/968-168-0x0000000004490000-0x00000000044BB000-memory.dmp

Filesize
172KB

Download
memory/968-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1028-130-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1028-178-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1096-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1104-136-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/1160-183-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/1160-135-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/1168-134-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1172-151-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/1172-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1172-95-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1336-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1336-173-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1340-137-0x00000000044B0000-0x00000000044DB000-memory.dmp

Filesize
172KB

Download
memory/1364-142-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/1364-177-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1476-138-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1604-160-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1636-167-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/1732-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1732-172-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/1732-129-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/1736-99-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1736-170-0x0000000001F00000-0x0000000001F2B000-memory.dmp

Filesize
172KB

Download
memory/1736-122-0x0000000001F00000-0x0000000001F2B000-memory.dmp

Filesize
172KB

Download
memory/1776-139-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/1776-109-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1784-148-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1800-149-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1868-100-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1884-118-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1884-93-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1884-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1884-165-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/1884-96-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1888-115-0x0000000004E40000-0x0000000004E6B000-memory.dmp

Filesize
172KB

Download
memory/1888-104-0x0000000004BC0000-0x0000000004BEB000-memory.dmp

Filesize
172KB

Download
memory/1976-98-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1976-121-0x0000000004F60000-0x0000000004F8B000-memory.dmp

Filesize
172KB

Download
memory/2128-140-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2152-119-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2176-162-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2252-166-0x0000000001F40000-0x0000000001F6B000-memory.dmp

Filesize
172KB

Download
memory/2252-116-0x0000000000830000-0x000000000085B000-memory.dmp

Filesize
172KB

Download
memory/2284-145-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2308-128-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2388-117-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2388-163-0x0000000000790000-0x00000000007BB000-memory.dmp

Filesize
172KB

Download
memory/2416-64-0x0000000005BE0000-0x0000000005C0B000-memory.dmp

Filesize
172KB

Download
memory/2416-174-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2416-133-0x0000000005BE0000-0x0000000005C0B000-memory.dmp

Filesize
172KB

Download
memory/2416-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2420-156-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/2444-154-0x0000000005050000-0x000000000507B000-memory.dmp

Filesize
172KB

Download
memory/2444-113-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2492-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2512-94-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2512-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2512-175-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2572-169-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2608-132-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2620-144-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2644-152-0x0000000004D00000-0x0000000004D2B000-memory.dmp

Filesize
172KB

Download
memory/2644-111-0x0000000004D00000-0x0000000004D2B000-memory.dmp

Filesize
172KB

Download
memory/2644-65-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2644-90-0x0000000004CE0000-0x0000000004D0B000-memory.dmp

Filesize
172KB

Download
memory/2656-131-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2824-125-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2828-126-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2840-124-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2868-150-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2888-127-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2916-112-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2916-153-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/2916-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2932-105-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2932-158-0x0000000004A80000-0x0000000004AAB000-memory.dmp

Filesize
172KB

Download
memory/2932-114-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/3084-141-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3120-143-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3244-147-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3540-155-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3576-157-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3616-159-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3648-161-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download