dcf64ad33ea1e19d158074980ac013aab09fb4788805baee19087b6886253c08

Analysis

max time kernel
20s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 00:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51c74b388dba351e718b071cc9eb2fb0N.exe
Size

1.4MB
MD5

51c74b388dba351e718b071cc9eb2fb0
SHA1

9dafcbb91084c83548617cc61923a4ee5c6f4fbf
SHA256

dcf64ad33ea1e19d158074980ac013aab09fb4788805baee19087b6886253c08
SHA512

7e84178281d78ea8a5d5aedbf663fb13ce68266570f4b022713f3de628f4e9709a8fd5ade356d727a8c3b2a45334c4507a2e077b2805669897c338800bc0d1b6
SSDEEP

24576:86JiKbJf+kTUTGLCx2YaB5dAsPS3B/7xVjX9flGazgHabk4jDJQTUfx8bMBCjpdx:5xbJf+kEGynaXAsPedL3Ajo2g58UCjpL

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	51c74b388dba351e718b071cc9eb2fb0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\M:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\P:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\U:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\W:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\Y:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\B:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\E:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\Z:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\K:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\R:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\T:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\X:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\O:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\S:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\H:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\I:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\L:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\N:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\Q:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\V:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\A:	51c74b388dba351e718b071cc9eb2fb0N.exe
File opened (read-only)	\??\G:	51c74b388dba351e718b071cc9eb2fb0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish kicking uncut vagina (Sonja,Sarah).mpeg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\System32\DriverStore\Temp\black lesbian action [free] traffic .mpg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\fucking bukkake girls ash hairy .zip.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\bukkake fetish [free] .avi.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\SysWOW64\IME\shared\black xxx masturbation glans ejaculation .mpg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\danish bukkake uncut .mpeg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\british gang bang animal several models sm .avi.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian nude hot (!) girly (Kathrin).avi.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\malaysia lesbian beastiality lesbian titts latex .zip.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\SysWOW64\IME\shared\german sperm kicking public boots .zip.exe	51c74b388dba351e718b071cc9eb2fb0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\fucking trambling licking castration (Ashley).zip.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\japanese bukkake big vagina .rar.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\fucking full movie .rar.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Program Files (x86)\Google\Temp\danish nude nude [milf] glans (Sonja).avi.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\german blowjob [bangbus] .mpg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Program Files\DVD Maker\Shared\italian fetish sperm [milf] circumcision (Britney).avi.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\russian cumshot horse big .zip.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\black nude beastiality hot (!) feet mistress .zip.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\cum beastiality big boobs femdom .mpeg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Program Files\Windows Journal\Templates\gay licking latex .zip.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\handjob nude lesbian girly .avi.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\chinese fucking [bangbus] ash (Tatjana).mpeg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\black gang bang horse several models (Janette).avi.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\tyrkish sperm sperm hot (!) hotel .rar.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\kicking action sleeping ash penetration .rar.exe	51c74b388dba351e718b071cc9eb2fb0N.exe

Drops file in Windows directory 37 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\gang bang nude voyeur young .avi.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\malaysia handjob lesbian bondage (Janette,Christine).zip.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\tyrkish gay hidden bedroom (Curtney,Anniston).zip.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\assembly\temp\indian cumshot kicking catfight feet beautyfull .mpeg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\british handjob uncut .mpeg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\american bukkake handjob hidden lady .zip.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\norwegian nude girls wifey (Anniston).mpg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\japanese horse lesbian femdom (Samantha).rar.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\african fetish lingerie hidden ash pregnant (Liz,Melissa).rar.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\horse beast voyeur mature .zip.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\Downloaded Program Files\beast catfight .mpg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\fetish licking ash (Sonja,Janette).mpeg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\kicking [milf] nipples .mpg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\american fetish uncut fishy .rar.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\swedish lesbian voyeur bondage (Britney,Jenna).zip.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\danish lingerie kicking public shoes .mpeg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\african action uncut shower .mpeg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\tyrkish gay hidden mature .avi.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\beastiality sperm hidden .rar.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\german handjob kicking hot (!) glans .avi.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\canadian blowjob full movie glans young .rar.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\assembly\tmp\trambling horse [bangbus] shoes .zip.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\british blowjob sleeping feet .rar.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish action public boobs ash .avi.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\handjob several models nipples ash .avi.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\PLA\Templates\animal several models high heels (Sonja,Christine).mpeg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse lesbian titts .mpg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\sperm girls upskirt .zip.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\mssrv.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\british animal girls feet .zip.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\security\templates\kicking action [bangbus] upskirt .zip.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\SoftwareDistribution\Download\horse gang bang hidden .zip.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\tyrkish action hardcore licking .avi.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\russian blowjob cumshot girls titts .avi.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\porn nude [bangbus] vagina .mpeg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\brasilian lingerie gay lesbian feet girly .mpeg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\gay licking penetration (Jenna).mpeg.exe	51c74b388dba351e718b071cc9eb2fb0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2424	51c74b388dba351e718b071cc9eb2fb0N.exe
2816	51c74b388dba351e718b071cc9eb2fb0N.exe
2424	51c74b388dba351e718b071cc9eb2fb0N.exe
2144	51c74b388dba351e718b071cc9eb2fb0N.exe
2920	51c74b388dba351e718b071cc9eb2fb0N.exe
2816	51c74b388dba351e718b071cc9eb2fb0N.exe
2424	51c74b388dba351e718b071cc9eb2fb0N.exe
3008	51c74b388dba351e718b071cc9eb2fb0N.exe
1504	51c74b388dba351e718b071cc9eb2fb0N.exe
3004	51c74b388dba351e718b071cc9eb2fb0N.exe
2920	51c74b388dba351e718b071cc9eb2fb0N.exe
2816	51c74b388dba351e718b071cc9eb2fb0N.exe
2144	51c74b388dba351e718b071cc9eb2fb0N.exe
1112	51c74b388dba351e718b071cc9eb2fb0N.exe
2424	51c74b388dba351e718b071cc9eb2fb0N.exe
2504	51c74b388dba351e718b071cc9eb2fb0N.exe
2756	51c74b388dba351e718b071cc9eb2fb0N.exe
2920	51c74b388dba351e718b071cc9eb2fb0N.exe
1504	51c74b388dba351e718b071cc9eb2fb0N.exe
2092	51c74b388dba351e718b071cc9eb2fb0N.exe
2816	51c74b388dba351e718b071cc9eb2fb0N.exe
332	51c74b388dba351e718b071cc9eb2fb0N.exe
2144	51c74b388dba351e718b071cc9eb2fb0N.exe
1708	51c74b388dba351e718b071cc9eb2fb0N.exe
580	51c74b388dba351e718b071cc9eb2fb0N.exe
3004	51c74b388dba351e718b071cc9eb2fb0N.exe
3008	51c74b388dba351e718b071cc9eb2fb0N.exe
1112	51c74b388dba351e718b071cc9eb2fb0N.exe
2356	51c74b388dba351e718b071cc9eb2fb0N.exe
396	51c74b388dba351e718b071cc9eb2fb0N.exe
2424	51c74b388dba351e718b071cc9eb2fb0N.exe
2876	51c74b388dba351e718b071cc9eb2fb0N.exe
1504	51c74b388dba351e718b071cc9eb2fb0N.exe
2756	51c74b388dba351e718b071cc9eb2fb0N.exe
2280	51c74b388dba351e718b071cc9eb2fb0N.exe
2172	51c74b388dba351e718b071cc9eb2fb0N.exe
2920	51c74b388dba351e718b071cc9eb2fb0N.exe
2024	51c74b388dba351e718b071cc9eb2fb0N.exe
2816	51c74b388dba351e718b071cc9eb2fb0N.exe
1484	51c74b388dba351e718b071cc9eb2fb0N.exe
1112	51c74b388dba351e718b071cc9eb2fb0N.exe
960	51c74b388dba351e718b071cc9eb2fb0N.exe
2144	51c74b388dba351e718b071cc9eb2fb0N.exe
2504	51c74b388dba351e718b071cc9eb2fb0N.exe
3004	51c74b388dba351e718b071cc9eb2fb0N.exe
3008	51c74b388dba351e718b071cc9eb2fb0N.exe
596	51c74b388dba351e718b071cc9eb2fb0N.exe
1996	51c74b388dba351e718b071cc9eb2fb0N.exe
2092	51c74b388dba351e718b071cc9eb2fb0N.exe
1592	51c74b388dba351e718b071cc9eb2fb0N.exe
884	51c74b388dba351e718b071cc9eb2fb0N.exe
2396	51c74b388dba351e718b071cc9eb2fb0N.exe
1788	51c74b388dba351e718b071cc9eb2fb0N.exe
1532	51c74b388dba351e718b071cc9eb2fb0N.exe
1708	51c74b388dba351e718b071cc9eb2fb0N.exe
1708	51c74b388dba351e718b071cc9eb2fb0N.exe
332	51c74b388dba351e718b071cc9eb2fb0N.exe
332	51c74b388dba351e718b071cc9eb2fb0N.exe
992	51c74b388dba351e718b071cc9eb2fb0N.exe
992	51c74b388dba351e718b071cc9eb2fb0N.exe
580	51c74b388dba351e718b071cc9eb2fb0N.exe
580	51c74b388dba351e718b071cc9eb2fb0N.exe
2916	51c74b388dba351e718b071cc9eb2fb0N.exe
2916	51c74b388dba351e718b071cc9eb2fb0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 2816	2424	51c74b388dba351e718b071cc9eb2fb0N.exe	30
PID 2424 wrote to memory of 2816	2424	51c74b388dba351e718b071cc9eb2fb0N.exe	30
PID 2424 wrote to memory of 2816	2424	51c74b388dba351e718b071cc9eb2fb0N.exe	30
PID 2424 wrote to memory of 2816	2424	51c74b388dba351e718b071cc9eb2fb0N.exe	30
PID 2816 wrote to memory of 2144	2816	51c74b388dba351e718b071cc9eb2fb0N.exe	31
PID 2816 wrote to memory of 2144	2816	51c74b388dba351e718b071cc9eb2fb0N.exe	31
PID 2816 wrote to memory of 2144	2816	51c74b388dba351e718b071cc9eb2fb0N.exe	31
PID 2816 wrote to memory of 2144	2816	51c74b388dba351e718b071cc9eb2fb0N.exe	31
PID 2424 wrote to memory of 2920	2424	51c74b388dba351e718b071cc9eb2fb0N.exe	32
PID 2424 wrote to memory of 2920	2424	51c74b388dba351e718b071cc9eb2fb0N.exe	32
PID 2424 wrote to memory of 2920	2424	51c74b388dba351e718b071cc9eb2fb0N.exe	32
PID 2424 wrote to memory of 2920	2424	51c74b388dba351e718b071cc9eb2fb0N.exe	32
PID 2920 wrote to memory of 1504	2920	51c74b388dba351e718b071cc9eb2fb0N.exe	34
PID 2920 wrote to memory of 1504	2920	51c74b388dba351e718b071cc9eb2fb0N.exe	34
PID 2920 wrote to memory of 1504	2920	51c74b388dba351e718b071cc9eb2fb0N.exe	34
PID 2920 wrote to memory of 1504	2920	51c74b388dba351e718b071cc9eb2fb0N.exe	34
PID 2816 wrote to memory of 3008	2816	51c74b388dba351e718b071cc9eb2fb0N.exe	35
PID 2816 wrote to memory of 3008	2816	51c74b388dba351e718b071cc9eb2fb0N.exe	35
PID 2816 wrote to memory of 3008	2816	51c74b388dba351e718b071cc9eb2fb0N.exe	35
PID 2816 wrote to memory of 3008	2816	51c74b388dba351e718b071cc9eb2fb0N.exe	35
PID 2144 wrote to memory of 3004	2144	51c74b388dba351e718b071cc9eb2fb0N.exe	33
PID 2144 wrote to memory of 3004	2144	51c74b388dba351e718b071cc9eb2fb0N.exe	33
PID 2144 wrote to memory of 3004	2144	51c74b388dba351e718b071cc9eb2fb0N.exe	33
PID 2144 wrote to memory of 3004	2144	51c74b388dba351e718b071cc9eb2fb0N.exe	33
PID 2424 wrote to memory of 1112	2424	51c74b388dba351e718b071cc9eb2fb0N.exe	36
PID 2424 wrote to memory of 1112	2424	51c74b388dba351e718b071cc9eb2fb0N.exe	36
PID 2424 wrote to memory of 1112	2424	51c74b388dba351e718b071cc9eb2fb0N.exe	36
PID 2424 wrote to memory of 1112	2424	51c74b388dba351e718b071cc9eb2fb0N.exe	36
PID 2920 wrote to memory of 2504	2920	51c74b388dba351e718b071cc9eb2fb0N.exe	37
PID 2920 wrote to memory of 2504	2920	51c74b388dba351e718b071cc9eb2fb0N.exe	37
PID 2920 wrote to memory of 2504	2920	51c74b388dba351e718b071cc9eb2fb0N.exe	37
PID 2920 wrote to memory of 2504	2920	51c74b388dba351e718b071cc9eb2fb0N.exe	37
PID 2816 wrote to memory of 2756	2816	51c74b388dba351e718b071cc9eb2fb0N.exe	38
PID 2816 wrote to memory of 2756	2816	51c74b388dba351e718b071cc9eb2fb0N.exe	38
PID 2816 wrote to memory of 2756	2816	51c74b388dba351e718b071cc9eb2fb0N.exe	38
PID 2816 wrote to memory of 2756	2816	51c74b388dba351e718b071cc9eb2fb0N.exe	38
PID 1504 wrote to memory of 2092	1504	51c74b388dba351e718b071cc9eb2fb0N.exe	39
PID 1504 wrote to memory of 2092	1504	51c74b388dba351e718b071cc9eb2fb0N.exe	39
PID 1504 wrote to memory of 2092	1504	51c74b388dba351e718b071cc9eb2fb0N.exe	39
PID 1504 wrote to memory of 2092	1504	51c74b388dba351e718b071cc9eb2fb0N.exe	39
PID 2144 wrote to memory of 1708	2144	51c74b388dba351e718b071cc9eb2fb0N.exe	40
PID 2144 wrote to memory of 1708	2144	51c74b388dba351e718b071cc9eb2fb0N.exe	40
PID 2144 wrote to memory of 1708	2144	51c74b388dba351e718b071cc9eb2fb0N.exe	40
PID 2144 wrote to memory of 1708	2144	51c74b388dba351e718b071cc9eb2fb0N.exe	40
PID 3004 wrote to memory of 332	3004	51c74b388dba351e718b071cc9eb2fb0N.exe	41
PID 3004 wrote to memory of 332	3004	51c74b388dba351e718b071cc9eb2fb0N.exe	41
PID 3004 wrote to memory of 332	3004	51c74b388dba351e718b071cc9eb2fb0N.exe	41
PID 3004 wrote to memory of 332	3004	51c74b388dba351e718b071cc9eb2fb0N.exe	41
PID 3008 wrote to memory of 580	3008	51c74b388dba351e718b071cc9eb2fb0N.exe	42
PID 3008 wrote to memory of 580	3008	51c74b388dba351e718b071cc9eb2fb0N.exe	42
PID 3008 wrote to memory of 580	3008	51c74b388dba351e718b071cc9eb2fb0N.exe	42
PID 3008 wrote to memory of 580	3008	51c74b388dba351e718b071cc9eb2fb0N.exe	42
PID 1112 wrote to memory of 396	1112	51c74b388dba351e718b071cc9eb2fb0N.exe	43
PID 1112 wrote to memory of 396	1112	51c74b388dba351e718b071cc9eb2fb0N.exe	43
PID 1112 wrote to memory of 396	1112	51c74b388dba351e718b071cc9eb2fb0N.exe	43
PID 1112 wrote to memory of 396	1112	51c74b388dba351e718b071cc9eb2fb0N.exe	43
PID 2424 wrote to memory of 2356	2424	51c74b388dba351e718b071cc9eb2fb0N.exe	44
PID 2424 wrote to memory of 2356	2424	51c74b388dba351e718b071cc9eb2fb0N.exe	44
PID 2424 wrote to memory of 2356	2424	51c74b388dba351e718b071cc9eb2fb0N.exe	44
PID 2424 wrote to memory of 2356	2424	51c74b388dba351e718b071cc9eb2fb0N.exe	44
PID 1504 wrote to memory of 2280	1504	51c74b388dba351e718b071cc9eb2fb0N.exe	45
PID 1504 wrote to memory of 2280	1504	51c74b388dba351e718b071cc9eb2fb0N.exe	45
PID 1504 wrote to memory of 2280	1504	51c74b388dba351e718b071cc9eb2fb0N.exe	45
PID 1504 wrote to memory of 2280	1504	51c74b388dba351e718b071cc9eb2fb0N.exe	45

C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
"C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        9⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        9⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:11956
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:9984
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:13544
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12748
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:12424
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12756
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:11868
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12884
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:11560
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12860
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:9892
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:11908
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:14044
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:11860
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12652
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12732
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:11488
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12044
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12028
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:9508
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12020
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:11512
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12924
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:11520
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:9868
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12368
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:9900
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12612
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:11980
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12992
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12900
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:11836
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:11456
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:9560
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:13000
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:12644
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:11852
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:11464
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12932
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:9804
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:860
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:11480
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12352
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:9924
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:11028
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:11892
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:9844
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:13232
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:10104
- C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2920
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12296
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12432
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:11496
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:11448
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:9372
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        8⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12668
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:11704
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:11640
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:12376
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12092
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:9916
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:9380
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:13392
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:12660
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:13152
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:11964
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:13384
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:11900
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12676
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:10176
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:11696
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:10136
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:13400
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12472
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12480
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:10256
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12580
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:12084
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:13120
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12512
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:14052
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:13376
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:9908
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:9852
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:6492
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:13416
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:12604
- C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1112
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:396
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        7⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:11472
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:9356
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:10120
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:13216
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:11996
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:8628
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:13060
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:12200
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:884
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:988
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:14128
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:9884
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12960
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:9860
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:13448
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12636
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:11528
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:13248
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:11972
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:10928
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:7252
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:12780
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:11844
- C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2356
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        6⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:11828
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:9828
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12240
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:12908
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:13272
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:12892
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:9836
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:6160
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:12740
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:11632
- C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:992
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:9876
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:11544
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:6132
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:13432
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:12036
- C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
  2⤵
  PID:1880
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
        5⤵
        
        PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:12440
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:14160
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:13032
- C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
  2⤵
  PID:4196
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:7892
  - - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
      "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
      4⤵
      PID:13052
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:12836
- C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
  2⤵
  PID:5988
- - C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
    3⤵
    PID:12384
- C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe
  "C:\Users\Admin\AppData\Local\Temp\51c74b388dba351e718b071cc9eb2fb0N.exe"
  2⤵
  PID:12224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\handjob nude lesbian girly .avi.exe

Filesize
915KB

MD5
ffffe54966311d03ea17ab2cd6988f41

SHA1
e8a64b6e481c5d4cf8c9bc1e9f58400f8d23090f

SHA256
0c0ac710c02590b81ea6334dc037d2c9c1959d6420a817d901976d6d07c8567c

SHA512
1c907e69d9eadd733cc78a4700f83349f95e8e152ac7ef60193c506b8e018c9d3b8f9042b3196dd8257863317f91783e12d34eaa19e6b6ad89567bd67ae3239c

Download Submit