d77163ec8bb9f07931df41e2829c029278bad6383d1bf433f16ef7c5715427c2

Analysis

max time kernel
11s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 12:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d617aaabce8f6afc707ee7ed5f164420N.exe
Size

1.6MB
MD5

d617aaabce8f6afc707ee7ed5f164420
SHA1

8b2e482d0cfb24b9ec5ce959413f8dd8da877e09
SHA256

d77163ec8bb9f07931df41e2829c029278bad6383d1bf433f16ef7c5715427c2
SHA512

2201deb69b59597cd02c7c04cc797f988f98e11fc82fc3e937a059fd9ba2c0adc244bf4433d6dcead4bdce9191054bc58b3f93b1dc10a5e044fce118088c1a44
SSDEEP

24576:86wQP2YMBAS3s8Dk4FZKdvvcNQXzs2TlSI+11SYTKIlExRfZy7T+HdrdM4g+VNLY:5wnZgR1RzsolUDSYuI0RfkehS4xfbxe

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	d617aaabce8f6afc707ee7ed5f164420N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\J:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\L:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\N:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\O:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\P:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\G:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\S:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\V:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\B:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\H:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\M:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\Q:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\U:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\Y:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\E:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\K:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\R:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\T:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\W:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\X:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\Z:	d617aaabce8f6afc707ee7ed5f164420N.exe
File opened (read-only)	\??\A:	d617aaabce8f6afc707ee7ed5f164420N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\american gang bang several models .mpg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Program Files (x86)\Google\Temp\russian porn blowjob sleeping balls .rar.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\spanish lesbian sperm licking titts granny .mpeg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Program Files (x86)\Google\Update\Download\russian kicking sleeping YEâPSè& .mpg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\chinese beastiality lesbian licking boobs penetration .mpeg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\swedish beastiality lesbian uncut (Jenna,Ashley).zip.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Program Files\DVD Maker\Shared\tyrkish sperm [milf] (Ashley,Christine).mpg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\british horse sperm hidden girly .mpeg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\beastiality hidden feet blondie .mpeg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\spanish animal bukkake full movie .mpg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\german blowjob lesbian feet hotel .mpeg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\gang bang full movie (Gina).zip.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\british beastiality hidden hole .mpg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Program Files\Windows Journal\Templates\gay big (Janette,Christine).mpeg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\horse action full movie vagina 50+ (Liz,Melissa).zip.exe	d617aaabce8f6afc707ee7ed5f164420N.exe

Drops file in Windows directory 19 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\hardcore lesbian .mpg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\cum sleeping granny .zip.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\black xxx lesbian boots (Samantha,Sylvia).rar.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\italian lesbian horse lesbian shower .mpg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\sperm lesbian .avi.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\tyrkish cumshot lesbian granny .zip.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\assembly\temp\black gang bang lingerie lesbian wifey .mpeg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\tyrkish horse blowjob catfight nipples .mpg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\beast lingerie [bangbus] .mpeg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\nude animal voyeur femdom .rar.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\black gay sperm licking hole blondie .zip.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\handjob several models ash 40+ (Sonja).mpg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\british trambling masturbation (Liz,Tatjana).rar.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\action voyeur blondie (Sonja,Curtney).zip.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\lesbian catfight cock swallow .rar.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\action [bangbus] girly (Melissa,Karin).avi.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\assembly\tmp\animal fetish full movie .mpeg.exe	d617aaabce8f6afc707ee7ed5f164420N.exe
File created	C:\Windows\Downloaded Program Files\animal horse lesbian high heels (Jade,Melissa).rar.exe	d617aaabce8f6afc707ee7ed5f164420N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 31 IoCs

pid	Process
2548	d617aaabce8f6afc707ee7ed5f164420N.exe
2224	d617aaabce8f6afc707ee7ed5f164420N.exe
2548	d617aaabce8f6afc707ee7ed5f164420N.exe
1592	d617aaabce8f6afc707ee7ed5f164420N.exe
2808	d617aaabce8f6afc707ee7ed5f164420N.exe
2224	d617aaabce8f6afc707ee7ed5f164420N.exe
2548	d617aaabce8f6afc707ee7ed5f164420N.exe
3048	d617aaabce8f6afc707ee7ed5f164420N.exe
3056	d617aaabce8f6afc707ee7ed5f164420N.exe
2256	d617aaabce8f6afc707ee7ed5f164420N.exe
2216	d617aaabce8f6afc707ee7ed5f164420N.exe
1592	d617aaabce8f6afc707ee7ed5f164420N.exe
2808	d617aaabce8f6afc707ee7ed5f164420N.exe
2224	d617aaabce8f6afc707ee7ed5f164420N.exe
2548	d617aaabce8f6afc707ee7ed5f164420N.exe
1656	d617aaabce8f6afc707ee7ed5f164420N.exe
1592	d617aaabce8f6afc707ee7ed5f164420N.exe
2224	d617aaabce8f6afc707ee7ed5f164420N.exe
2524	d617aaabce8f6afc707ee7ed5f164420N.exe
2548	d617aaabce8f6afc707ee7ed5f164420N.exe
3048	d617aaabce8f6afc707ee7ed5f164420N.exe
1700	d617aaabce8f6afc707ee7ed5f164420N.exe
2808	d617aaabce8f6afc707ee7ed5f164420N.exe
1232	d617aaabce8f6afc707ee7ed5f164420N.exe
2012	d617aaabce8f6afc707ee7ed5f164420N.exe
1988	d617aaabce8f6afc707ee7ed5f164420N.exe
2216	d617aaabce8f6afc707ee7ed5f164420N.exe
640	d617aaabce8f6afc707ee7ed5f164420N.exe
2256	d617aaabce8f6afc707ee7ed5f164420N.exe
2600	d617aaabce8f6afc707ee7ed5f164420N.exe
3056	d617aaabce8f6afc707ee7ed5f164420N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2224	2548	d617aaabce8f6afc707ee7ed5f164420N.exe	29
PID 2548 wrote to memory of 2224	2548	d617aaabce8f6afc707ee7ed5f164420N.exe	29
PID 2548 wrote to memory of 2224	2548	d617aaabce8f6afc707ee7ed5f164420N.exe	29
PID 2548 wrote to memory of 2224	2548	d617aaabce8f6afc707ee7ed5f164420N.exe	29
PID 2548 wrote to memory of 1592	2548	d617aaabce8f6afc707ee7ed5f164420N.exe	31
PID 2548 wrote to memory of 1592	2548	d617aaabce8f6afc707ee7ed5f164420N.exe	31
PID 2548 wrote to memory of 1592	2548	d617aaabce8f6afc707ee7ed5f164420N.exe	31
PID 2548 wrote to memory of 1592	2548	d617aaabce8f6afc707ee7ed5f164420N.exe	31
PID 2224 wrote to memory of 2808	2224	d617aaabce8f6afc707ee7ed5f164420N.exe	30
PID 2224 wrote to memory of 2808	2224	d617aaabce8f6afc707ee7ed5f164420N.exe	30
PID 2224 wrote to memory of 2808	2224	d617aaabce8f6afc707ee7ed5f164420N.exe	30
PID 2224 wrote to memory of 2808	2224	d617aaabce8f6afc707ee7ed5f164420N.exe	30
PID 2808 wrote to memory of 3048	2808	d617aaabce8f6afc707ee7ed5f164420N.exe	32
PID 2808 wrote to memory of 3048	2808	d617aaabce8f6afc707ee7ed5f164420N.exe	32
PID 2808 wrote to memory of 3048	2808	d617aaabce8f6afc707ee7ed5f164420N.exe	32
PID 2808 wrote to memory of 3048	2808	d617aaabce8f6afc707ee7ed5f164420N.exe	32
PID 1592 wrote to memory of 2216	1592	d617aaabce8f6afc707ee7ed5f164420N.exe	35
PID 1592 wrote to memory of 2216	1592	d617aaabce8f6afc707ee7ed5f164420N.exe	35
PID 1592 wrote to memory of 2216	1592	d617aaabce8f6afc707ee7ed5f164420N.exe	35
PID 1592 wrote to memory of 2216	1592	d617aaabce8f6afc707ee7ed5f164420N.exe	35
PID 2224 wrote to memory of 2256	2224	d617aaabce8f6afc707ee7ed5f164420N.exe	33
PID 2224 wrote to memory of 2256	2224	d617aaabce8f6afc707ee7ed5f164420N.exe	33
PID 2224 wrote to memory of 2256	2224	d617aaabce8f6afc707ee7ed5f164420N.exe	33
PID 2224 wrote to memory of 2256	2224	d617aaabce8f6afc707ee7ed5f164420N.exe	33
PID 2548 wrote to memory of 3056	2548	d617aaabce8f6afc707ee7ed5f164420N.exe	34
PID 2548 wrote to memory of 3056	2548	d617aaabce8f6afc707ee7ed5f164420N.exe	34
PID 2548 wrote to memory of 3056	2548	d617aaabce8f6afc707ee7ed5f164420N.exe	34
PID 2548 wrote to memory of 3056	2548	d617aaabce8f6afc707ee7ed5f164420N.exe	34
PID 1592 wrote to memory of 1656	1592	d617aaabce8f6afc707ee7ed5f164420N.exe	36
PID 1592 wrote to memory of 1656	1592	d617aaabce8f6afc707ee7ed5f164420N.exe	36
PID 1592 wrote to memory of 1656	1592	d617aaabce8f6afc707ee7ed5f164420N.exe	36
PID 1592 wrote to memory of 1656	1592	d617aaabce8f6afc707ee7ed5f164420N.exe	36
PID 3048 wrote to memory of 1700	3048	d617aaabce8f6afc707ee7ed5f164420N.exe	37
PID 3048 wrote to memory of 1700	3048	d617aaabce8f6afc707ee7ed5f164420N.exe	37
PID 3048 wrote to memory of 1700	3048	d617aaabce8f6afc707ee7ed5f164420N.exe	37
PID 3048 wrote to memory of 1700	3048	d617aaabce8f6afc707ee7ed5f164420N.exe	37
PID 2224 wrote to memory of 2524	2224	d617aaabce8f6afc707ee7ed5f164420N.exe	38
PID 2224 wrote to memory of 2524	2224	d617aaabce8f6afc707ee7ed5f164420N.exe	38
PID 2224 wrote to memory of 2524	2224	d617aaabce8f6afc707ee7ed5f164420N.exe	38
PID 2224 wrote to memory of 2524	2224	d617aaabce8f6afc707ee7ed5f164420N.exe	38
PID 2808 wrote to memory of 1232	2808	d617aaabce8f6afc707ee7ed5f164420N.exe	39
PID 2808 wrote to memory of 1232	2808	d617aaabce8f6afc707ee7ed5f164420N.exe	39
PID 2808 wrote to memory of 1232	2808	d617aaabce8f6afc707ee7ed5f164420N.exe	39
PID 2808 wrote to memory of 1232	2808	d617aaabce8f6afc707ee7ed5f164420N.exe	39
PID 2548 wrote to memory of 2012	2548	d617aaabce8f6afc707ee7ed5f164420N.exe	40
PID 2548 wrote to memory of 2012	2548	d617aaabce8f6afc707ee7ed5f164420N.exe	40
PID 2548 wrote to memory of 2012	2548	d617aaabce8f6afc707ee7ed5f164420N.exe	40
PID 2548 wrote to memory of 2012	2548	d617aaabce8f6afc707ee7ed5f164420N.exe	40
PID 2216 wrote to memory of 1988	2216	d617aaabce8f6afc707ee7ed5f164420N.exe	41
PID 2216 wrote to memory of 1988	2216	d617aaabce8f6afc707ee7ed5f164420N.exe	41
PID 2216 wrote to memory of 1988	2216	d617aaabce8f6afc707ee7ed5f164420N.exe	41
PID 2216 wrote to memory of 1988	2216	d617aaabce8f6afc707ee7ed5f164420N.exe	41
PID 3056 wrote to memory of 2600	3056	d617aaabce8f6afc707ee7ed5f164420N.exe	42
PID 3056 wrote to memory of 2600	3056	d617aaabce8f6afc707ee7ed5f164420N.exe	42
PID 3056 wrote to memory of 2600	3056	d617aaabce8f6afc707ee7ed5f164420N.exe	42
PID 3056 wrote to memory of 2600	3056	d617aaabce8f6afc707ee7ed5f164420N.exe	42
PID 2256 wrote to memory of 640	2256	d617aaabce8f6afc707ee7ed5f164420N.exe	43
PID 2256 wrote to memory of 640	2256	d617aaabce8f6afc707ee7ed5f164420N.exe	43
PID 2256 wrote to memory of 640	2256	d617aaabce8f6afc707ee7ed5f164420N.exe	43
PID 2256 wrote to memory of 640	2256	d617aaabce8f6afc707ee7ed5f164420N.exe	43
PID 1592 wrote to memory of 1588	1592	d617aaabce8f6afc707ee7ed5f164420N.exe	44
PID 1592 wrote to memory of 1588	1592	d617aaabce8f6afc707ee7ed5f164420N.exe	44
PID 1592 wrote to memory of 1588	1592	d617aaabce8f6afc707ee7ed5f164420N.exe	44
PID 1592 wrote to memory of 1588	1592	d617aaabce8f6afc707ee7ed5f164420N.exe	44

C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
"C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
  "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2224
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        9⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        9⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        8⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        8⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        8⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        9⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        8⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        8⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        8⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        8⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        8⤵
        
        PID:11268
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        8⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:7308
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        8⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11900
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11436
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11276
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11860
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11116
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:11524
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:640
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11036
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11124
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:11380
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11088
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:11372
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:368
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11868
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11708
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:5344
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11044
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11716
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:7024
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11364
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:11452
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:612
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11332
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:11412
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:6428
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:7744
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:11884
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:6864
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:2700
- C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
  "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1592
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:388
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11100
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11892
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11768
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:11760
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11388
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        7⤵
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:10892
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:3052
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11460
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11916
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:11492
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:876
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11484
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:5416
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:6008
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:7696
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:2100
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:6504
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:11396
- C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
  "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11180
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11108
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11932
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:3088
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:824
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        6⤵
        
        PID:11420
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11136
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:11736
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:1364
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:6488
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:3404
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:5468
- C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
  "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:276
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11744
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:11508
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:4916
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
        5⤵
        
        PID:11316
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:7016
- C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
  "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
  2⤵
  PID:844
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:4312
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:11648
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:11164
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:6872
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:3020
- C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
  "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
  2⤵
  PID:1316
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:7688
  - - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
      "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
      4⤵
      PID:396
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:5424
- C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
  "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
  2⤵
  PID:3212
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:5552
- C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
  "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
  2⤵
  PID:4492
- - C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
    "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
    3⤵
    PID:10884
- C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe
  "C:\Users\Admin\AppData\Local\Temp\d617aaabce8f6afc707ee7ed5f164420N.exe"
  2⤵
  PID:8960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\spanish lesbian sperm licking titts granny .mpeg.exe

Filesize
1.6MB

MD5
03904aa236df2c89a98f146c8a9f3134

SHA1
2ce6ad51a4589497cf9c0d68ed9a984270fd79c2

SHA256
9b7a30ce003bb3c794373aa138819fc145f1133326f5df9a200c2df6292aed92

SHA512
6486c7cb18c1a9593cfdaf83cc495ad66aa44ef0d0c7c4c2a0138ac3a4b266cc8aa42fc1befa6fc2874ba317e10990e3142ede5c820501371f930e234dde3807

Download Submit