a47aa599329c6f9f33153c00062e771ccfcc9b7936d81ce49a982d20802dfbad

Analysis

max time kernel
22s
max time network
108s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 04:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c8d96f272d91c0d36fba049645b6c10N.exe
Size

87KB
MD5

7c8d96f272d91c0d36fba049645b6c10
SHA1

5e86fca18152d27a174cdd3074a41b106d1e5832
SHA256

a47aa599329c6f9f33153c00062e771ccfcc9b7936d81ce49a982d20802dfbad
SHA512

f16a31dd3e97f407c346a940b3aa1d070d350ff8e29409bc3871a2045eaa1d2c2a11115eabbe5feb1bcec61bf121bc2831a77b33d217d0d4a702ce76178ef140
SSDEEP

1536:xRVCaKgzbLc54hukfgvYnouy8gbQHKo4NV1Ayj4m/QWR/Rlq88vlnRqPR/1yLOG:bjbLl/gvQoutgbqKo4L1Tj4mYWR/R4n/

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 56 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3040-0-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/files/0x000e000000018678-5.dat	upx
behavioral1/memory/2464-65-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1200-90-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2736-91-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2232-93-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1168-96-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2228-95-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/484-98-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2832-101-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2532-103-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2464-104-0x0000000005060000-0x0000000005089000-memory.dmp	upx
behavioral1/memory/2864-105-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/616-106-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/284-108-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2256-107-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1240-109-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2832-111-0x0000000004DE0000-0x0000000004E09000-memory.dmp	upx
behavioral1/memory/2284-113-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2188-114-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2396-115-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2524-116-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2516-119-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2420-118-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2600-117-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1080-121-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1968-122-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/852-120-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/772-126-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1888-127-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/868-130-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1560-132-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2384-134-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2396-135-0x0000000004F20000-0x0000000004F49000-memory.dmp	upx
behavioral1/memory/2784-137-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2892-142-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2760-143-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2216-145-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2904-147-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2688-151-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2948-156-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2016-155-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1952-161-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2720-162-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2824-168-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1668-169-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2916-170-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3132-172-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1892-174-0x0000000004F20000-0x0000000004F49000-memory.dmp	upx
behavioral1/memory/3252-176-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3040-177-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2464-180-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1200-183-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3040-184-0x0000000005AB0000-0x0000000005AD9000-memory.dmp	upx
behavioral1/memory/2736-185-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3320-186-0x0000000000400000-0x0000000000429000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	7c8d96f272d91c0d36fba049645b6c10N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\K:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\L:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\M:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\Q:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\T:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\G:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\H:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\R:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\U:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\W:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\A:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\P:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\S:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\X:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\Y:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\Z:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\N:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\O:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\J:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\V:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\B:	7c8d96f272d91c0d36fba049645b6c10N.exe
File opened (read-only)	\??\E:	7c8d96f272d91c0d36fba049645b6c10N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\hardcore [bangbus] cock .zip.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\SysWOW64\FxsTmp\hardcore sleeping .rar.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\indian cum sperm public leather .avi.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian horse fucking catfight titts upskirt (Curtney).mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\SysWOW64\IME\shared\brasilian cum bukkake [milf] shower (Britney,Samantha).mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian cumshot bukkake masturbation swallow .mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\System32\DriverStore\Temp\black cum beast lesbian cock .mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\SysWOW64\IME\shared\blowjob uncut hole 40+ (Curtney).mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\gay big shower .mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\SysWOW64\FxsTmp\tyrkish handjob trambling catfight feet circumcision .avi.exe	7c8d96f272d91c0d36fba049645b6c10N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\Templates\danish beastiality fucking [milf] hole .zip.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Program Files (x86)\Google\Temp\japanese horse xxx [free] .zip.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\indian horse horse catfight glans .mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\fucking big glans boots (Janette).mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\lesbian girls 50+ .mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\bukkake big hole .rar.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\danish gang bang fucking girls titts hotel (Janette).mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Program Files (x86)\Google\Update\Download\swedish kicking lingerie girls glans wifey .avi.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\sperm uncut fishy .mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\swedish horse sperm licking (Janette).mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\indian fetish xxx [milf] feet (Britney,Sylvia).mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Program Files\DVD Maker\Shared\brasilian horse gay several models (Sarah).avi.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian handjob fucking lesbian YEâPSè& (Ashley,Janette).mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\african lingerie [free] (Melissa).mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese beastiality hardcore masturbation titts femdom .mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\black nude trambling several models feet .mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\gay catfight .mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\sperm hidden feet traffic (Jade).avi.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\malaysia blowjob sleeping boots .zip.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\asian lingerie [free] castration .mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\lingerie several models .zip.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\italian nude fucking catfight hole lady .rar.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\horse fucking [bangbus] .rar.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse catfight glans redhair .avi.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\french fucking [bangbus] hairy .rar.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\spanish blowjob voyeur glans sweet .rar.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse voyeur (Karin).avi.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\gang bang xxx lesbian .zip.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\black fetish lesbian hidden latex .avi.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\horse girls mature (Kathrin,Karin).rar.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\brasilian porn bukkake uncut hole beautyfull .mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\indian nude lingerie public .mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\PLA\Templates\japanese handjob lesbian catfight titts high heels .mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\norwegian beast voyeur black hairunshaved .zip.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\malaysia beast hidden glans pregnant (Sylvia).mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\italian porn beast voyeur hole .zip.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\mssrv.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\german lingerie voyeur (Curtney).mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\gay voyeur hole sm (Curtney).mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\assembly\tmp\indian horse fucking hidden YEâPSè& .rar.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\brasilian gang bang lesbian [milf] .avi.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\german trambling full movie hole shower (Janette).mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\swedish horse sperm [milf] cock stockings (Karin).mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\tyrkish cum trambling masturbation .mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\Temp\trambling [bangbus] sm .rar.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\african trambling licking (Karin).rar.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\british trambling hidden cock boots .mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\Downloaded Program Files\russian gang bang bukkake public titts .rar.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\swedish porn gay sleeping hole castration .mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\indian porn lingerie hidden .rar.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\chinese trambling masturbation cock .mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\british trambling masturbation gorgeoushorny .mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish nude trambling [free] .zip.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\danish beastiality trambling licking .avi.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\asian gay hot (!) girly .rar.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\canadian beast [bangbus] cock boots .mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\french lingerie girls cock shoes .mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\fetish fucking public .avi.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\fetish blowjob big feet latex (Karin).avi.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\sperm hot (!) (Tatjana).mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\asian blowjob full movie (Tatjana).zip.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\cumshot gay voyeur titts (Christine,Tatjana).zip.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\InstallTemp\russian kicking blowjob [milf] hole (Sandy,Karin).rar.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\chinese blowjob licking hole .mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\SoftwareDistribution\Download\tyrkish beastiality beast licking hole circumcision (Samantha).rar.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\lingerie licking .mpg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\spanish fucking [milf] hole .avi.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\french gay several models .mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\gay uncut hole stockings (Tatjana).rar.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\hardcore girls .mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\action lingerie hot (!) ìï (Anniston,Jade).zip.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\hardcore hot (!) wifey .mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\french xxx full movie lady .zip.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\norwegian bukkake uncut shoes (Ashley,Karin).zip.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\blowjob full movie bondage .zip.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\danish horse xxx lesbian .avi.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\tyrkish nude hardcore [milf] mistress .rar.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\lesbian [bangbus] gorgeoushorny .mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\handjob hardcore big fishy (Kathrin,Melissa).mpeg.exe	7c8d96f272d91c0d36fba049645b6c10N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3040	7c8d96f272d91c0d36fba049645b6c10N.exe
2464	7c8d96f272d91c0d36fba049645b6c10N.exe
3040	7c8d96f272d91c0d36fba049645b6c10N.exe
1200	7c8d96f272d91c0d36fba049645b6c10N.exe
2736	7c8d96f272d91c0d36fba049645b6c10N.exe
2464	7c8d96f272d91c0d36fba049645b6c10N.exe
3040	7c8d96f272d91c0d36fba049645b6c10N.exe
2232	7c8d96f272d91c0d36fba049645b6c10N.exe
2228	7c8d96f272d91c0d36fba049645b6c10N.exe
1168	7c8d96f272d91c0d36fba049645b6c10N.exe
1200	7c8d96f272d91c0d36fba049645b6c10N.exe
2464	7c8d96f272d91c0d36fba049645b6c10N.exe
484	7c8d96f272d91c0d36fba049645b6c10N.exe
2736	7c8d96f272d91c0d36fba049645b6c10N.exe
3040	7c8d96f272d91c0d36fba049645b6c10N.exe
2832	7c8d96f272d91c0d36fba049645b6c10N.exe
2532	7c8d96f272d91c0d36fba049645b6c10N.exe
2232	7c8d96f272d91c0d36fba049645b6c10N.exe
616	7c8d96f272d91c0d36fba049645b6c10N.exe
2228	7c8d96f272d91c0d36fba049645b6c10N.exe
2864	7c8d96f272d91c0d36fba049645b6c10N.exe
2464	7c8d96f272d91c0d36fba049645b6c10N.exe
2736	7c8d96f272d91c0d36fba049645b6c10N.exe
2256	7c8d96f272d91c0d36fba049645b6c10N.exe
1240	7c8d96f272d91c0d36fba049645b6c10N.exe
1744	7c8d96f272d91c0d36fba049645b6c10N.exe
284	7c8d96f272d91c0d36fba049645b6c10N.exe
1200	7c8d96f272d91c0d36fba049645b6c10N.exe
1168	7c8d96f272d91c0d36fba049645b6c10N.exe
484	7c8d96f272d91c0d36fba049645b6c10N.exe
3040	7c8d96f272d91c0d36fba049645b6c10N.exe
2284	7c8d96f272d91c0d36fba049645b6c10N.exe
2188	7c8d96f272d91c0d36fba049645b6c10N.exe
2524	7c8d96f272d91c0d36fba049645b6c10N.exe
2396	7c8d96f272d91c0d36fba049645b6c10N.exe
2532	7c8d96f272d91c0d36fba049645b6c10N.exe
2228	7c8d96f272d91c0d36fba049645b6c10N.exe
2832	7c8d96f272d91c0d36fba049645b6c10N.exe
2420	7c8d96f272d91c0d36fba049645b6c10N.exe
2600	7c8d96f272d91c0d36fba049645b6c10N.exe
2232	7c8d96f272d91c0d36fba049645b6c10N.exe
2516	7c8d96f272d91c0d36fba049645b6c10N.exe
616	7c8d96f272d91c0d36fba049645b6c10N.exe
852	7c8d96f272d91c0d36fba049645b6c10N.exe
2464	7c8d96f272d91c0d36fba049645b6c10N.exe
2864	7c8d96f272d91c0d36fba049645b6c10N.exe
2736	7c8d96f272d91c0d36fba049645b6c10N.exe
1080	7c8d96f272d91c0d36fba049645b6c10N.exe
1200	7c8d96f272d91c0d36fba049645b6c10N.exe
1968	7c8d96f272d91c0d36fba049645b6c10N.exe
1964	7c8d96f272d91c0d36fba049645b6c10N.exe
1168	7c8d96f272d91c0d36fba049645b6c10N.exe
1688	7c8d96f272d91c0d36fba049645b6c10N.exe
1688	7c8d96f272d91c0d36fba049645b6c10N.exe
484	7c8d96f272d91c0d36fba049645b6c10N.exe
484	7c8d96f272d91c0d36fba049645b6c10N.exe
1892	7c8d96f272d91c0d36fba049645b6c10N.exe
1892	7c8d96f272d91c0d36fba049645b6c10N.exe
1504	7c8d96f272d91c0d36fba049645b6c10N.exe
1504	7c8d96f272d91c0d36fba049645b6c10N.exe
772	7c8d96f272d91c0d36fba049645b6c10N.exe
772	7c8d96f272d91c0d36fba049645b6c10N.exe
1888	7c8d96f272d91c0d36fba049645b6c10N.exe
1888	7c8d96f272d91c0d36fba049645b6c10N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2464	3040	7c8d96f272d91c0d36fba049645b6c10N.exe	29
PID 3040 wrote to memory of 2464	3040	7c8d96f272d91c0d36fba049645b6c10N.exe	29
PID 3040 wrote to memory of 2464	3040	7c8d96f272d91c0d36fba049645b6c10N.exe	29
PID 3040 wrote to memory of 2464	3040	7c8d96f272d91c0d36fba049645b6c10N.exe	29
PID 2464 wrote to memory of 1200	2464	7c8d96f272d91c0d36fba049645b6c10N.exe	30
PID 2464 wrote to memory of 1200	2464	7c8d96f272d91c0d36fba049645b6c10N.exe	30
PID 2464 wrote to memory of 1200	2464	7c8d96f272d91c0d36fba049645b6c10N.exe	30
PID 2464 wrote to memory of 1200	2464	7c8d96f272d91c0d36fba049645b6c10N.exe	30
PID 3040 wrote to memory of 2736	3040	7c8d96f272d91c0d36fba049645b6c10N.exe	31
PID 3040 wrote to memory of 2736	3040	7c8d96f272d91c0d36fba049645b6c10N.exe	31
PID 3040 wrote to memory of 2736	3040	7c8d96f272d91c0d36fba049645b6c10N.exe	31
PID 3040 wrote to memory of 2736	3040	7c8d96f272d91c0d36fba049645b6c10N.exe	31
PID 1200 wrote to memory of 2232	1200	7c8d96f272d91c0d36fba049645b6c10N.exe	32
PID 1200 wrote to memory of 2232	1200	7c8d96f272d91c0d36fba049645b6c10N.exe	32
PID 1200 wrote to memory of 2232	1200	7c8d96f272d91c0d36fba049645b6c10N.exe	32
PID 1200 wrote to memory of 2232	1200	7c8d96f272d91c0d36fba049645b6c10N.exe	32
PID 2464 wrote to memory of 2228	2464	7c8d96f272d91c0d36fba049645b6c10N.exe	33
PID 2464 wrote to memory of 2228	2464	7c8d96f272d91c0d36fba049645b6c10N.exe	33
PID 2464 wrote to memory of 2228	2464	7c8d96f272d91c0d36fba049645b6c10N.exe	33
PID 2464 wrote to memory of 2228	2464	7c8d96f272d91c0d36fba049645b6c10N.exe	33
PID 2736 wrote to memory of 1168	2736	7c8d96f272d91c0d36fba049645b6c10N.exe	34
PID 2736 wrote to memory of 1168	2736	7c8d96f272d91c0d36fba049645b6c10N.exe	34
PID 2736 wrote to memory of 1168	2736	7c8d96f272d91c0d36fba049645b6c10N.exe	34
PID 2736 wrote to memory of 1168	2736	7c8d96f272d91c0d36fba049645b6c10N.exe	34
PID 3040 wrote to memory of 484	3040	7c8d96f272d91c0d36fba049645b6c10N.exe	35
PID 3040 wrote to memory of 484	3040	7c8d96f272d91c0d36fba049645b6c10N.exe	35
PID 3040 wrote to memory of 484	3040	7c8d96f272d91c0d36fba049645b6c10N.exe	35
PID 3040 wrote to memory of 484	3040	7c8d96f272d91c0d36fba049645b6c10N.exe	35
PID 2232 wrote to memory of 2832	2232	7c8d96f272d91c0d36fba049645b6c10N.exe	36
PID 2232 wrote to memory of 2832	2232	7c8d96f272d91c0d36fba049645b6c10N.exe	36
PID 2232 wrote to memory of 2832	2232	7c8d96f272d91c0d36fba049645b6c10N.exe	36
PID 2232 wrote to memory of 2832	2232	7c8d96f272d91c0d36fba049645b6c10N.exe	36
PID 2228 wrote to memory of 2532	2228	7c8d96f272d91c0d36fba049645b6c10N.exe	37
PID 2228 wrote to memory of 2532	2228	7c8d96f272d91c0d36fba049645b6c10N.exe	37
PID 2228 wrote to memory of 2532	2228	7c8d96f272d91c0d36fba049645b6c10N.exe	37
PID 2228 wrote to memory of 2532	2228	7c8d96f272d91c0d36fba049645b6c10N.exe	37
PID 1200 wrote to memory of 2864	1200	7c8d96f272d91c0d36fba049645b6c10N.exe	38
PID 1200 wrote to memory of 2864	1200	7c8d96f272d91c0d36fba049645b6c10N.exe	38
PID 1200 wrote to memory of 2864	1200	7c8d96f272d91c0d36fba049645b6c10N.exe	38
PID 1200 wrote to memory of 2864	1200	7c8d96f272d91c0d36fba049645b6c10N.exe	38
PID 2464 wrote to memory of 616	2464	7c8d96f272d91c0d36fba049645b6c10N.exe	39
PID 2464 wrote to memory of 616	2464	7c8d96f272d91c0d36fba049645b6c10N.exe	39
PID 2464 wrote to memory of 616	2464	7c8d96f272d91c0d36fba049645b6c10N.exe	39
PID 2464 wrote to memory of 616	2464	7c8d96f272d91c0d36fba049645b6c10N.exe	39
PID 2736 wrote to memory of 2256	2736	7c8d96f272d91c0d36fba049645b6c10N.exe	40
PID 2736 wrote to memory of 2256	2736	7c8d96f272d91c0d36fba049645b6c10N.exe	40
PID 2736 wrote to memory of 2256	2736	7c8d96f272d91c0d36fba049645b6c10N.exe	40
PID 2736 wrote to memory of 2256	2736	7c8d96f272d91c0d36fba049645b6c10N.exe	40
PID 1168 wrote to memory of 1240	1168	7c8d96f272d91c0d36fba049645b6c10N.exe	41
PID 1168 wrote to memory of 1240	1168	7c8d96f272d91c0d36fba049645b6c10N.exe	41
PID 1168 wrote to memory of 1240	1168	7c8d96f272d91c0d36fba049645b6c10N.exe	41
PID 1168 wrote to memory of 1240	1168	7c8d96f272d91c0d36fba049645b6c10N.exe	41
PID 484 wrote to memory of 284	484	7c8d96f272d91c0d36fba049645b6c10N.exe	42
PID 484 wrote to memory of 284	484	7c8d96f272d91c0d36fba049645b6c10N.exe	42
PID 484 wrote to memory of 284	484	7c8d96f272d91c0d36fba049645b6c10N.exe	42
PID 484 wrote to memory of 284	484	7c8d96f272d91c0d36fba049645b6c10N.exe	42
PID 3040 wrote to memory of 1744	3040	7c8d96f272d91c0d36fba049645b6c10N.exe	43
PID 3040 wrote to memory of 1744	3040	7c8d96f272d91c0d36fba049645b6c10N.exe	43
PID 3040 wrote to memory of 1744	3040	7c8d96f272d91c0d36fba049645b6c10N.exe	43
PID 3040 wrote to memory of 1744	3040	7c8d96f272d91c0d36fba049645b6c10N.exe	43
PID 2532 wrote to memory of 2284	2532	7c8d96f272d91c0d36fba049645b6c10N.exe	45
PID 2532 wrote to memory of 2284	2532	7c8d96f272d91c0d36fba049645b6c10N.exe	45
PID 2532 wrote to memory of 2284	2532	7c8d96f272d91c0d36fba049645b6c10N.exe	45
PID 2532 wrote to memory of 2284	2532	7c8d96f272d91c0d36fba049645b6c10N.exe	45

C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
"C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2464
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        10⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        10⤵
        
        PID:18632
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        10⤵
        
        PID:23384
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:23340
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:16328
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:24332
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:20120
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:16404
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:16336
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:23400
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:16552
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:17688
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:22596
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:16816
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:16440
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:13960
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:23348
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:14040
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:16512
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:18524
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:22008
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:14472
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:12976
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:20168
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:14800
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:19776
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:16136
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:14048
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:14064
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:9728
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:16928
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:16588
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:19816
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:24316
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:20196
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:20604
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:10808
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:19860
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:14872
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:20144
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:16832
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:16896
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:15312
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:13080
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:20976
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:16904
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:15336
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:11684
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:11816
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:16248
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:12960
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:19800
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:17680
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:19832
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:19236
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        9⤵
        
        PID:23392
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:16856
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:16568
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:19880
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:20764
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:16880
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:24032
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:13056
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:23416
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:20984
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:15344
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:15740
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:13492
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:16912
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:16600
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:14396
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:14024
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:24056
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:18756
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:24268
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:24352
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:14536
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:19824
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:20772
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:14424
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:10384
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:16352
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:14504
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:616
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:20708
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:18616
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:14616
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:23356
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:16376
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:24324
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:14416
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:18624
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:20756
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:14776
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:16560
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:10832
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:18532
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:20204
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:19852
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:20160
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:16152
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:16536
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:15304
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:13016
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:14792
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:16920
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:16144
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:11676
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:11596
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:8380
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:14848
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:14608
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:10920
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:5508
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:11800
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:8096
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:19116
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:10728
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:16524
- C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:22272
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:20616
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:16320
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:11652
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:19196
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:16544
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:10296
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:16240
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:16472
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:24300
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:18540
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:13508
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:20724
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:16216
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:14772
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:16480
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:10304
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:20136
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:11808
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:24048
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:10716
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:13008
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        8⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:16576
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:23780
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:10800
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:19808
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:20176
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:15748
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:10784
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:17672
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:13244
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:13500
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:20700
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:14584
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:14748
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:8892
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:16184
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:12984
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:852
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:20920
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:14576
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:9128
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:13176
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:14840
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:23332
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:13000
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:14496
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:9880
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:14552
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:15320
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:12196
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:14624
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:9288
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:15328
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:13032
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:11612
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:7508
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:8468
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:14600
- C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:484
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:284
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:23364
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:19212
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:24364
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:14764
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:11724
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:16388
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:11668
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:20644
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:14936
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:13992
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:24084
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        7⤵
        
        PID:16448
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:13064
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:15704
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:19228
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:11692
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:14032
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:19220
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:23312
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:16488
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:19844
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:16368
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:11740
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:24308
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:15352
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:13984
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:14008
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:9872
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:14456
- C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1744
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:772
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:15368
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:17696
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:19868
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        6⤵
        
        PID:20992
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:14568
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:16424
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:10744
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:18608
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:14448
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:16496
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:13040
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:19768
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:14912
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:16808
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:9136
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:14512
- C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1688
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:16208
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:20716
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:11036
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:20128
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
        5⤵
        
        PID:8636
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:14944
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:16416
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:9104
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:20188
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:15772
- C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
  2⤵
  PID:2720
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:9172
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:14056
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:15296
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:11748
- C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
  2⤵
  PID:4288
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
      4⤵
      PID:16200
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:11100
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:19784
- C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
  2⤵
  PID:6048
- - C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
    3⤵
    PID:14560
- C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
  2⤵
  PID:9664
- C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c8d96f272d91c0d36fba049645b6c10N.exe"
  2⤵
  PID:16824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\african lingerie [free] (Melissa).mpg.exe

Filesize
1.6MB

MD5
e739452bf9b0315b3d2f749be537ff24

SHA1
60530a56c298b97d95bf96ae8d011cd6b18cd9f1

SHA256
c9bff6e35abfcd76c7dedc21cf4849cef1a721148a845cb7f2561caa1d6385ed

SHA512
a94c7f674bc4573c91054e754d0a2382eed054c5ffda54570af74d80737c94c3d778fb5c0607afe829c85251b74f8367fcf5aed1a1fa33b8d1b0c612c0188798

Download Submit
C:\debug.txt

Filesize
183B

MD5
be57ab63b9dafc0ac23c677facf5ca82

SHA1
5998e30df98963c3a96fdd3d723b2d2aa8b1d684

SHA256
0f96f64b337539e0eb32c5b96993fd351b0bbfe3fc12eae30bd66f73686691db

SHA512
f257a19428f3701ddd227bda5ad9bf3693174200ae7452e2dfe0a4707bd1fbdffd6ce40e03400e2bfa3068acabf89b432ddb2ae587b9743dbd1d29acf2ca3bc3

Download Submit
memory/284-124-0x00000000045D0000-0x00000000045F9000-memory.dmp

Filesize
164KB

Download
memory/284-108-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/284-167-0x00000000045E0000-0x0000000004609000-memory.dmp

Filesize
164KB

Download
memory/484-98-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/484-157-0x0000000004A70000-0x0000000004A99000-memory.dmp

Filesize
164KB

Download
memory/616-139-0x00000000050A0000-0x00000000050C9000-memory.dmp

Filesize
164KB

Download
memory/616-106-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/772-178-0x0000000005070000-0x0000000005099000-memory.dmp

Filesize
164KB

Download
memory/772-126-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/852-120-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/852-152-0x0000000005080000-0x00000000050A9000-memory.dmp

Filesize
164KB

Download
memory/868-130-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1080-158-0x0000000002020000-0x0000000002049000-memory.dmp

Filesize
164KB

Download
memory/1080-121-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1168-149-0x0000000004F20000-0x0000000004F49000-memory.dmp

Filesize
164KB

Download
memory/1168-96-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1200-92-0x00000000044F0000-0x0000000004519000-memory.dmp

Filesize
164KB

Download
memory/1200-183-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1200-90-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1200-148-0x0000000004510000-0x0000000004539000-memory.dmp

Filesize
164KB

Download
memory/1240-160-0x00000000050B0000-0x00000000050D9000-memory.dmp

Filesize
164KB

Download
memory/1240-109-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1504-182-0x00000000044D0000-0x00000000044F9000-memory.dmp

Filesize
164KB

Download
memory/1560-132-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1668-169-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1688-171-0x0000000005060000-0x0000000005089000-memory.dmp

Filesize
164KB

Download
memory/1744-123-0x0000000005060000-0x0000000005089000-memory.dmp

Filesize
164KB

Download
memory/1744-165-0x0000000005060000-0x0000000005089000-memory.dmp

Filesize
164KB

Download
memory/1888-127-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1892-174-0x0000000004F20000-0x0000000004F49000-memory.dmp

Filesize
164KB

Download
memory/1952-161-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1964-164-0x0000000005070000-0x0000000005099000-memory.dmp

Filesize
164KB

Download
memory/1968-122-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1968-163-0x0000000004BA0000-0x0000000004BC9000-memory.dmp

Filesize
164KB

Download
memory/2016-155-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2188-114-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2188-131-0x00000000045A0000-0x00000000045C9000-memory.dmp

Filesize
164KB

Download
memory/2216-145-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2228-95-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2228-136-0x0000000004620000-0x0000000004649000-memory.dmp

Filesize
164KB

Download
memory/2228-102-0x00000000045A0000-0x00000000045C9000-memory.dmp

Filesize
164KB

Download
memory/2232-93-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2232-140-0x0000000004CF0000-0x0000000004D19000-memory.dmp

Filesize
164KB

Download
memory/2232-100-0x0000000004CE0000-0x0000000004D09000-memory.dmp

Filesize
164KB

Download
memory/2256-166-0x00000000050A0000-0x00000000050C9000-memory.dmp

Filesize
164KB

Download
memory/2256-107-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2256-125-0x00000000045D0000-0x00000000045F9000-memory.dmp

Filesize
164KB

Download
memory/2284-129-0x0000000004F60000-0x0000000004F89000-memory.dmp

Filesize
164KB

Download
memory/2284-113-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2384-134-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2396-135-0x0000000004F20000-0x0000000004F49000-memory.dmp

Filesize
164KB

Download
memory/2396-115-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2420-118-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2420-150-0x0000000005060000-0x0000000005089000-memory.dmp

Filesize
164KB

Download
memory/2464-181-0x0000000004DE0000-0x0000000004E09000-memory.dmp

Filesize
164KB

Download
memory/2464-89-0x0000000004DE0000-0x0000000004E09000-memory.dmp

Filesize
164KB

Download
memory/2464-94-0x0000000005060000-0x0000000005089000-memory.dmp

Filesize
164KB

Download
memory/2464-104-0x0000000005060000-0x0000000005089000-memory.dmp

Filesize
164KB

Download
memory/2464-180-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2464-65-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2464-141-0x0000000005070000-0x0000000005099000-memory.dmp

Filesize
164KB

Download
memory/2516-119-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2516-154-0x00000000047D0000-0x00000000047F9000-memory.dmp

Filesize
164KB

Download
memory/2524-116-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2532-112-0x0000000001F60000-0x0000000001F89000-memory.dmp

Filesize
164KB

Download
memory/2532-133-0x0000000004620000-0x0000000004649000-memory.dmp

Filesize
164KB

Download
memory/2532-103-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2600-153-0x00000000020C0000-0x00000000020E9000-memory.dmp

Filesize
164KB

Download
memory/2600-117-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2688-151-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2720-162-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2736-91-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2736-185-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2736-146-0x0000000005090000-0x00000000050B9000-memory.dmp

Filesize
164KB

Download
memory/2760-143-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2784-137-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2824-168-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2832-111-0x0000000004DE0000-0x0000000004E09000-memory.dmp

Filesize
164KB

Download
memory/2832-138-0x0000000004F20000-0x0000000004F49000-memory.dmp

Filesize
164KB

Download
memory/2832-101-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2832-819-0x00000000051B0000-0x00000000051D9000-memory.dmp

Filesize
164KB

Download
memory/2864-144-0x0000000004F50000-0x0000000004F79000-memory.dmp

Filesize
164KB

Download
memory/2864-105-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2892-142-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2904-147-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2916-170-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2948-156-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3040-177-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3040-179-0x0000000004ED0000-0x0000000004EF9000-memory.dmp

Filesize
164KB

Download
memory/3040-159-0x0000000006350000-0x0000000006379000-memory.dmp

Filesize
164KB

Download
memory/3040-64-0x0000000004ED0000-0x0000000004EF9000-memory.dmp

Filesize
164KB

Download
memory/3040-184-0x0000000005AB0000-0x0000000005AD9000-memory.dmp

Filesize
164KB

Download
memory/3040-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3040-97-0x0000000006160000-0x0000000006189000-memory.dmp

Filesize
164KB

Download
memory/3132-172-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3252-176-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3320-186-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download