ebf2a65417b43ed6faa271b571e68f7b2b8f8ca8fb4291e73d95d76c6f0f2dfa

Analysis

max time kernel
23s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 00:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d1a51a7115a786c983aa8bb83071960N.exe
Size

1.2MB
MD5

4d1a51a7115a786c983aa8bb83071960
SHA1

6bf6ad7901b95ed5d252f07cd1693264da2a4260
SHA256

ebf2a65417b43ed6faa271b571e68f7b2b8f8ca8fb4291e73d95d76c6f0f2dfa
SHA512

4f99332d34d1268cf233846df049e058188e72ae7819653c533eab9c7829d2a69ba228586ddb630bee6efe5a97bc67ad0418788e4360b01a05152dde69ecf559
SSDEEP

24576:oWIHiem3rMw4f43HEbi0fzv4KiYPQ8tc9Aw0/um0MnpIeUJWHocn:VICem3ww4g3EbiWwKFPJSQGm0mE5cn

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4d1a51a7115a786c983aa8bb83071960N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\E:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\M:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\S:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\B:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\H:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\J:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\K:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\L:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\Q:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\W:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\X:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\G:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\I:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\N:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\P:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\R:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\V:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\O:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\T:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\U:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\Y:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\Z:	4d1a51a7115a786c983aa8bb83071960N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish handjob sperm several models hole redhair (Sylvia).rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\System32\DriverStore\Temp\russian horse blowjob girls .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\russian gang bang lesbian hidden hole mistress .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\lesbian lesbian titts (Ashley,Sylvia).avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SysWOW64\FxsTmp\american porn hardcore [milf] (Janette).avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SysWOW64\IME\shared\danish handjob blowjob several models cock wifey (Jade).rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian cumshot xxx lesbian (Melissa).mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SysWOW64\FxsTmp\fetish sperm licking latex (Anniston,Tatjana).avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SysWOW64\IME\shared\japanese animal trambling sleeping .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian cumshot lesbian sleeping balls .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\trambling hot (!) latex (Sandy,Tatjana).mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Google\Temp\italian horse hardcore full movie upskirt .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\american animal beast lesbian bedroom .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\sperm public titts hairy (Sarah).mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\swedish cum horse big titts shower (Curtney).mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files\DVD Maker\Shared\italian action gay uncut bondage (Sonja,Samantha).mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\blowjob girls granny .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\tyrkish horse beast catfight titts shoes (Jade).avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Google\Update\Download\american gang bang xxx hot (!) sweet .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\danish horse hardcore licking .rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\indian nude gay voyeur feet bedroom (Jade).avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\horse sleeping glans shower (Tatjana).zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files\Windows Journal\Templates\black porn fucking several models titts ejaculation .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\danish gang bang lesbian girls castration .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\sperm sleeping cock .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\asian beast hidden gorgeoushorny .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\action beast hidden titts .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\canadian fucking several models granny .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\bukkake voyeur feet traffic (Curtney).avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\italian animal sperm hidden cock .rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\Downloaded Program Files\xxx full movie cock bondage .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\american kicking horse [free] cock traffic .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\lingerie sleeping .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\french bukkake big high heels (Gina,Janette).mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\canadian sperm lesbian glans 40+ (Janette).mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian handjob lingerie voyeur femdom (Christine,Janette).avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\horse lesbian glans .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\lingerie licking .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\russian handjob horse [milf] feet bondage .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\russian nude lingerie [bangbus] (Tatjana).rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\norwegian sperm lesbian penetration .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\swedish porn blowjob hot (!) fishy .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\indian animal trambling masturbation high heels .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\asian lesbian public hole black hairunshaved .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\danish fetish blowjob girls glans .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\gang bang sperm sleeping feet .rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\indian kicking xxx catfight hole boots .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\swedish fetish bukkake hidden glans sweet .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\indian nude hardcore girls glans 40+ (Janette).mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\malaysia fucking licking gorgeoushorny (Christine,Karin).rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lingerie uncut wifey (Kathrin,Tatjana).avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian beastiality horse hidden feet 50+ .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\gang bang beast [milf] glans black hairunshaved .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\black handjob fucking [free] (Curtney).zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\cumshot hardcore hot (!) .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\PLA\Templates\hardcore lesbian penetration (Ashley,Karin).zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\brasilian handjob lingerie full movie traffic (Jenna,Jade).mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\norwegian bukkake [bangbus] lady .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\japanese porn xxx several models glans ìï (Tatjana).zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\italian horse horse catfight glans wifey .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\assembly\tmp\horse lesbian .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\horse trambling sleeping leather .rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\assembly\temp\danish kicking lingerie public .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\sperm girls hole circumcision (Karin).mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\malaysia fucking [bangbus] circumcision .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\InstallTemp\brasilian fetish lesbian hot (!) .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\mssrv.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\horse uncut titts .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\russian nude hardcore [bangbus] femdom .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\hardcore sleeping mistress .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\gay hidden titts sweet .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\french horse hot (!) shower .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\french blowjob girls .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\spanish blowjob uncut redhair .rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\swedish kicking fucking hot (!) traffic .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\canadian sperm girls black hairunshaved .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\nude horse [bangbus] hole .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\horse several models .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\porn bukkake big glans .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\hardcore hidden hairy .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\lingerie several models hole latex .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\kicking beast several models glans YEâPSè& .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie [bangbus] beautyfull .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\asian trambling [bangbus] glans stockings (Melissa).mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\japanese cumshot sperm uncut .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\trambling big pregnant .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\tyrkish animal gay hot (!) young .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\trambling licking 40+ .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\indian kicking xxx [free] lady .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1720	4d1a51a7115a786c983aa8bb83071960N.exe
2760	4d1a51a7115a786c983aa8bb83071960N.exe
1720	4d1a51a7115a786c983aa8bb83071960N.exe
2680	4d1a51a7115a786c983aa8bb83071960N.exe
3008	4d1a51a7115a786c983aa8bb83071960N.exe
2760	4d1a51a7115a786c983aa8bb83071960N.exe
1720	4d1a51a7115a786c983aa8bb83071960N.exe
1640	4d1a51a7115a786c983aa8bb83071960N.exe
2008	4d1a51a7115a786c983aa8bb83071960N.exe
1100	4d1a51a7115a786c983aa8bb83071960N.exe
2680	4d1a51a7115a786c983aa8bb83071960N.exe
2200	4d1a51a7115a786c983aa8bb83071960N.exe
3008	4d1a51a7115a786c983aa8bb83071960N.exe
2760	4d1a51a7115a786c983aa8bb83071960N.exe
1720	4d1a51a7115a786c983aa8bb83071960N.exe
2516	4d1a51a7115a786c983aa8bb83071960N.exe
632	4d1a51a7115a786c983aa8bb83071960N.exe
1640	4d1a51a7115a786c983aa8bb83071960N.exe
1040	4d1a51a7115a786c983aa8bb83071960N.exe
2008	4d1a51a7115a786c983aa8bb83071960N.exe
1488	4d1a51a7115a786c983aa8bb83071960N.exe
1644	4d1a51a7115a786c983aa8bb83071960N.exe
2680	4d1a51a7115a786c983aa8bb83071960N.exe
1100	4d1a51a7115a786c983aa8bb83071960N.exe
1048	4d1a51a7115a786c983aa8bb83071960N.exe
1968	4d1a51a7115a786c983aa8bb83071960N.exe
2200	4d1a51a7115a786c983aa8bb83071960N.exe
2104	4d1a51a7115a786c983aa8bb83071960N.exe
1720	4d1a51a7115a786c983aa8bb83071960N.exe
2760	4d1a51a7115a786c983aa8bb83071960N.exe
3008	4d1a51a7115a786c983aa8bb83071960N.exe
2256	4d1a51a7115a786c983aa8bb83071960N.exe
1808	4d1a51a7115a786c983aa8bb83071960N.exe
2516	4d1a51a7115a786c983aa8bb83071960N.exe
444	4d1a51a7115a786c983aa8bb83071960N.exe
2784	4d1a51a7115a786c983aa8bb83071960N.exe
1640	4d1a51a7115a786c983aa8bb83071960N.exe
632	4d1a51a7115a786c983aa8bb83071960N.exe
2008	4d1a51a7115a786c983aa8bb83071960N.exe
2036	4d1a51a7115a786c983aa8bb83071960N.exe
2044	4d1a51a7115a786c983aa8bb83071960N.exe
1040	4d1a51a7115a786c983aa8bb83071960N.exe
3040	4d1a51a7115a786c983aa8bb83071960N.exe
300	4d1a51a7115a786c983aa8bb83071960N.exe
300	4d1a51a7115a786c983aa8bb83071960N.exe
1488	4d1a51a7115a786c983aa8bb83071960N.exe
1488	4d1a51a7115a786c983aa8bb83071960N.exe
2680	4d1a51a7115a786c983aa8bb83071960N.exe
2680	4d1a51a7115a786c983aa8bb83071960N.exe
292	4d1a51a7115a786c983aa8bb83071960N.exe
292	4d1a51a7115a786c983aa8bb83071960N.exe
1448	4d1a51a7115a786c983aa8bb83071960N.exe
1448	4d1a51a7115a786c983aa8bb83071960N.exe
1100	4d1a51a7115a786c983aa8bb83071960N.exe
1100	4d1a51a7115a786c983aa8bb83071960N.exe
2200	4d1a51a7115a786c983aa8bb83071960N.exe
2200	4d1a51a7115a786c983aa8bb83071960N.exe
1712	4d1a51a7115a786c983aa8bb83071960N.exe
1712	4d1a51a7115a786c983aa8bb83071960N.exe
1724	4d1a51a7115a786c983aa8bb83071960N.exe
1724	4d1a51a7115a786c983aa8bb83071960N.exe
1692	4d1a51a7115a786c983aa8bb83071960N.exe
1692	4d1a51a7115a786c983aa8bb83071960N.exe
2148	4d1a51a7115a786c983aa8bb83071960N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2760	1720	4d1a51a7115a786c983aa8bb83071960N.exe	30
PID 1720 wrote to memory of 2760	1720	4d1a51a7115a786c983aa8bb83071960N.exe	30
PID 1720 wrote to memory of 2760	1720	4d1a51a7115a786c983aa8bb83071960N.exe	30
PID 1720 wrote to memory of 2760	1720	4d1a51a7115a786c983aa8bb83071960N.exe	30
PID 2760 wrote to memory of 2680	2760	4d1a51a7115a786c983aa8bb83071960N.exe	31
PID 2760 wrote to memory of 2680	2760	4d1a51a7115a786c983aa8bb83071960N.exe	31
PID 2760 wrote to memory of 2680	2760	4d1a51a7115a786c983aa8bb83071960N.exe	31
PID 2760 wrote to memory of 2680	2760	4d1a51a7115a786c983aa8bb83071960N.exe	31
PID 1720 wrote to memory of 3008	1720	4d1a51a7115a786c983aa8bb83071960N.exe	32
PID 1720 wrote to memory of 3008	1720	4d1a51a7115a786c983aa8bb83071960N.exe	32
PID 1720 wrote to memory of 3008	1720	4d1a51a7115a786c983aa8bb83071960N.exe	32
PID 1720 wrote to memory of 3008	1720	4d1a51a7115a786c983aa8bb83071960N.exe	32
PID 2680 wrote to memory of 1640	2680	4d1a51a7115a786c983aa8bb83071960N.exe	33
PID 2680 wrote to memory of 1640	2680	4d1a51a7115a786c983aa8bb83071960N.exe	33
PID 2680 wrote to memory of 1640	2680	4d1a51a7115a786c983aa8bb83071960N.exe	33
PID 2680 wrote to memory of 1640	2680	4d1a51a7115a786c983aa8bb83071960N.exe	33
PID 3008 wrote to memory of 1100	3008	4d1a51a7115a786c983aa8bb83071960N.exe	34
PID 3008 wrote to memory of 1100	3008	4d1a51a7115a786c983aa8bb83071960N.exe	34
PID 3008 wrote to memory of 1100	3008	4d1a51a7115a786c983aa8bb83071960N.exe	34
PID 3008 wrote to memory of 1100	3008	4d1a51a7115a786c983aa8bb83071960N.exe	34
PID 2760 wrote to memory of 2008	2760	4d1a51a7115a786c983aa8bb83071960N.exe	35
PID 2760 wrote to memory of 2008	2760	4d1a51a7115a786c983aa8bb83071960N.exe	35
PID 2760 wrote to memory of 2008	2760	4d1a51a7115a786c983aa8bb83071960N.exe	35
PID 2760 wrote to memory of 2008	2760	4d1a51a7115a786c983aa8bb83071960N.exe	35
PID 1720 wrote to memory of 2200	1720	4d1a51a7115a786c983aa8bb83071960N.exe	36
PID 1720 wrote to memory of 2200	1720	4d1a51a7115a786c983aa8bb83071960N.exe	36
PID 1720 wrote to memory of 2200	1720	4d1a51a7115a786c983aa8bb83071960N.exe	36
PID 1720 wrote to memory of 2200	1720	4d1a51a7115a786c983aa8bb83071960N.exe	36
PID 1640 wrote to memory of 2516	1640	4d1a51a7115a786c983aa8bb83071960N.exe	37
PID 1640 wrote to memory of 2516	1640	4d1a51a7115a786c983aa8bb83071960N.exe	37
PID 1640 wrote to memory of 2516	1640	4d1a51a7115a786c983aa8bb83071960N.exe	37
PID 1640 wrote to memory of 2516	1640	4d1a51a7115a786c983aa8bb83071960N.exe	37
PID 1100 wrote to memory of 1040	1100	4d1a51a7115a786c983aa8bb83071960N.exe	38
PID 1100 wrote to memory of 1040	1100	4d1a51a7115a786c983aa8bb83071960N.exe	38
PID 1100 wrote to memory of 1040	1100	4d1a51a7115a786c983aa8bb83071960N.exe	38
PID 1100 wrote to memory of 1040	1100	4d1a51a7115a786c983aa8bb83071960N.exe	38
PID 2008 wrote to memory of 632	2008	4d1a51a7115a786c983aa8bb83071960N.exe	39
PID 2008 wrote to memory of 632	2008	4d1a51a7115a786c983aa8bb83071960N.exe	39
PID 2008 wrote to memory of 632	2008	4d1a51a7115a786c983aa8bb83071960N.exe	39
PID 2008 wrote to memory of 632	2008	4d1a51a7115a786c983aa8bb83071960N.exe	39
PID 2680 wrote to memory of 1488	2680	4d1a51a7115a786c983aa8bb83071960N.exe	40
PID 2680 wrote to memory of 1488	2680	4d1a51a7115a786c983aa8bb83071960N.exe	40
PID 2680 wrote to memory of 1488	2680	4d1a51a7115a786c983aa8bb83071960N.exe	40
PID 2680 wrote to memory of 1488	2680	4d1a51a7115a786c983aa8bb83071960N.exe	40
PID 2200 wrote to memory of 1644	2200	4d1a51a7115a786c983aa8bb83071960N.exe	41
PID 2200 wrote to memory of 1644	2200	4d1a51a7115a786c983aa8bb83071960N.exe	41
PID 2200 wrote to memory of 1644	2200	4d1a51a7115a786c983aa8bb83071960N.exe	41
PID 2200 wrote to memory of 1644	2200	4d1a51a7115a786c983aa8bb83071960N.exe	41
PID 2760 wrote to memory of 1048	2760	4d1a51a7115a786c983aa8bb83071960N.exe	42
PID 2760 wrote to memory of 1048	2760	4d1a51a7115a786c983aa8bb83071960N.exe	42
PID 2760 wrote to memory of 1048	2760	4d1a51a7115a786c983aa8bb83071960N.exe	42
PID 2760 wrote to memory of 1048	2760	4d1a51a7115a786c983aa8bb83071960N.exe	42
PID 3008 wrote to memory of 1968	3008	4d1a51a7115a786c983aa8bb83071960N.exe	43
PID 3008 wrote to memory of 1968	3008	4d1a51a7115a786c983aa8bb83071960N.exe	43
PID 3008 wrote to memory of 1968	3008	4d1a51a7115a786c983aa8bb83071960N.exe	43
PID 3008 wrote to memory of 1968	3008	4d1a51a7115a786c983aa8bb83071960N.exe	43
PID 1720 wrote to memory of 2104	1720	4d1a51a7115a786c983aa8bb83071960N.exe	44
PID 1720 wrote to memory of 2104	1720	4d1a51a7115a786c983aa8bb83071960N.exe	44
PID 1720 wrote to memory of 2104	1720	4d1a51a7115a786c983aa8bb83071960N.exe	44
PID 1720 wrote to memory of 2104	1720	4d1a51a7115a786c983aa8bb83071960N.exe	44
PID 2516 wrote to memory of 2256	2516	4d1a51a7115a786c983aa8bb83071960N.exe	46
PID 2516 wrote to memory of 2256	2516	4d1a51a7115a786c983aa8bb83071960N.exe	46
PID 2516 wrote to memory of 2256	2516	4d1a51a7115a786c983aa8bb83071960N.exe	46
PID 2516 wrote to memory of 2256	2516	4d1a51a7115a786c983aa8bb83071960N.exe	46

C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
"C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2760
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        10⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        9⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        10⤵
        
        PID:17772
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        9⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        9⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        10⤵
        
        PID:19956
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        9⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        9⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        9⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        9⤵
        
        PID:19948
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:20860
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        9⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:16676
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:18052
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:13384
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:20148
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:19932
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        9⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        9⤵
        
        PID:20528
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:16412
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        9⤵
        
        PID:17972
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:17956
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:19308
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:20512
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:20196
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16208
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:17948
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:16388
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:17228
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:17980
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:20712
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:13700
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16468
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16532
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:15444
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:20728
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        9⤵
        
        PID:18784
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:21076
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:11448
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:17940
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:17732
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:20452
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16352
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:20224
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:18864
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:17804
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16328
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:18108
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11544
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:13800
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:17260
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11800
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11400
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11220
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:18028
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:11624
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:632
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        9⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        9⤵
        
        PID:21092
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:18076
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:15576
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:20796
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:18808
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16060
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:20496
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:18920
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:15728
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:17860
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11520
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:13776
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:18752
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:13612
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:16120
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:21084
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:10572
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:17820
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16224
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:10628
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:17812
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:13528
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:21028
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16404
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16484
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:15472
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:9516
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:15720
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:11228
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:17764
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:20736
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:20760
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:18880
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:18760
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:13716
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:19920
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:14844
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:15480
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:10596
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:20204
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:10612
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:17756
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:14652
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:17748
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:15984
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:13544
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:11236
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:688
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:20180
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:20036
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16444
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:11836
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:17384
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:16500
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:15560
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:10588
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:18896
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1100
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        9⤵
        
        PID:18044
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:17828
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:13944
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:17180
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:20812
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:18100
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:13636
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:20016
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        9⤵
        
        PID:18036
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:18888
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:20744
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:20768
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:13416
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:20172
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:17740
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:300
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:17304
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:16084
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:17284
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:17236
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:9400
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:13628
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:17328
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11592
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16508
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11408
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:17868
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:16368
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:18728
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:17852
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16492
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:18588
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16184
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11432
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:18872
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:18744
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:13708
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:20720
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:14860
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:15504
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:10332
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:20992
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:17964
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:18060
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:13604
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:20024
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16376
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16240
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:10380
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:20804
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16296
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:18736
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:11504
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16052
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:16516
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:6392
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:9640
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:13660
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:10604
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:20188
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2200
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:17796
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:21036
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11252
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11616
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:18116
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16216
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:15592
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:10364
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:20788
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:292
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:17876
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:13520
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:14036
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16476
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16112
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:10524
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:20504
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:18768
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:15496
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:10324
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:21020
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:17268
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:11752
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:13480
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:9104
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:18776
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:13768
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2104
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:18068
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16044
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16396
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:13456
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:9868
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:20140
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:20164
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:17244
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:18092
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:11828
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:19940
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:11552
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:6408
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:13792
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:10540
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:20212
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1448
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16524
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:17252
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:11528
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:15552
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:14852
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:14572
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:10340
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:20780
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  PID:2316
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:20008
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:16452
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:7152
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:14580
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:11608
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  PID:4404
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:7684
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:20156
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:11844
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  PID:6252
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:15368
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  PID:9500
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  PID:16192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\blowjob girls granny .mpg.exe

Filesize
1.8MB

MD5
049d04290e5c5d4b535a9533ff9f2f5c

SHA1
9d5822557ad45de62dbae08eb60e5f59891c23c4

SHA256
27a944b634018ca6f0a4f851924ae2f3ab6cc774f2b5b07035c7ed0aec4ace44

SHA512
675988aea25154178353057c8d90d2876b978c1873aca82af1a132c9793136560190eed78e123478911240521e68f9191bd6871ab0e76876ea160a1a9c228875

Download Submit
memory/292-170-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/292-130-0x0000000004CF0000-0x0000000004D1B000-memory.dmp

Filesize
172KB

Download
memory/300-171-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/444-105-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/444-120-0x0000000004690000-0x00000000046BB000-memory.dmp

Filesize
172KB

Download
memory/444-165-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/632-121-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/632-147-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/632-96-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1040-122-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/1040-148-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1040-177-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/1040-97-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1048-109-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1048-135-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1048-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1048-152-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1100-142-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1100-125-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1100-92-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1448-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1448-133-0x0000000004D10000-0x0000000004D3B000-memory.dmp

Filesize
172KB

Download
memory/1488-149-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1488-123-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/1488-98-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1516-116-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1532-113-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1640-160-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/1640-157-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/1640-118-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/1640-91-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1640-140-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1644-99-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1644-131-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/1644-150-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1692-176-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1692-139-0x0000000002000000-0x000000000202B000-memory.dmp

Filesize
172KB

Download
memory/1712-174-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1720-52-0x0000000005B60000-0x0000000005B8B000-memory.dmp

Filesize
172KB

Download
memory/1720-128-0x0000000005B60000-0x0000000005B8B000-memory.dmp

Filesize
172KB

Download
memory/1720-94-0x0000000005B60000-0x0000000005B8B000-memory.dmp

Filesize
172KB

Download
memory/1720-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1720-136-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1724-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1724-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1808-104-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1808-163-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1808-114-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/1968-108-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/1968-134-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/1968-151-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1968-100-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2008-117-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/2008-93-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2008-143-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2036-167-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2036-124-0x0000000004910000-0x000000000493B000-memory.dmp

Filesize
172KB

Download
memory/2044-126-0x0000000004A50000-0x0000000004A7B000-memory.dmp

Filesize
172KB

Download
memory/2044-168-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2104-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2104-178-0x0000000004BA0000-0x0000000004BCB000-memory.dmp

Filesize
172KB

Download
memory/2104-110-0x0000000004BA0000-0x0000000004BCB000-memory.dmp

Filesize
172KB

Download
memory/2104-156-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2148-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2168-164-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/2200-145-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2200-127-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/2200-95-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2228-144-0x0000000004BF0000-0x0000000004C1B000-memory.dmp

Filesize
172KB

Download
memory/2228-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2256-112-0x0000000004CE0000-0x0000000004D0B000-memory.dmp

Filesize
172KB

Download
memory/2256-158-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2516-115-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/2516-146-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2516-103-0x0000000004E20000-0x0000000004E4B000-memory.dmp

Filesize
172KB

Download
memory/2680-138-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2680-180-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2748-173-0x00000000050A0000-0x00000000050CB000-memory.dmp

Filesize
172KB

Download
memory/2760-137-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2760-53-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2760-89-0x0000000004F80000-0x0000000004FAB000-memory.dmp

Filesize
172KB

Download
memory/2760-129-0x0000000004F80000-0x0000000004FAB000-memory.dmp

Filesize
172KB

Download
memory/2784-119-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/2784-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2784-166-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3008-132-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/3008-90-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3040-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3048-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3048-141-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/3568-154-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3576-153-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3584-155-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3672-161-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3680-159-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3688-162-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download