ac3bb0b39be8b180cac69de86bb8096660380f1953a75c0838ff7d2599f8f0a4

Analysis

max time kernel
23s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 14:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ef80372a78cbb7d2a546956c44076c40N.exe
Size

1.3MB
MD5

ef80372a78cbb7d2a546956c44076c40
SHA1

a31eb0adb8849be51c05cf91e3ef9adcb79525cd
SHA256

ac3bb0b39be8b180cac69de86bb8096660380f1953a75c0838ff7d2599f8f0a4
SHA512

00910e531405680a6791fa0d87251be1d58ee24c7e6e6c9c454fecd18784eafd4ba3fff5be9e83252a66a6fc14c43dfcf364719a7b0678d0c47a3128d7739ceb
SSDEEP

24576:86rJbRud2y1Wd1lTH/4xKmEEqU3cFziIg9kU9X3I7L/snry01CayhZo1:5rJtq1Wd1lTH/4AmE5U3cFxMk2X3I7gl

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	ef80372a78cbb7d2a546956c44076c40N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\O:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\P:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\Q:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\R:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\B:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\E:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\H:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\U:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\W:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\X:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\M:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\I:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\J:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\K:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\S:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\T:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\V:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\Y:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\Z:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\A:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\G:	ef80372a78cbb7d2a546956c44076c40N.exe
File opened (read-only)	\??\L:	ef80372a78cbb7d2a546956c44076c40N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\swedish horse handjob hot (!) wifey .avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\SysWOW64\FxsTmp\chinese porn sleeping (Sonja).avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\chinese beastiality cumshot sleeping .rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\SysWOW64\IME\shared\malaysia xxx licking .rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\SysWOW64\FxsTmp\canadian animal several models young .avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\spanish sperm gay licking shoes (Sonja,Melissa).rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\System32\DriverStore\Temp\nude trambling hidden .avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\SysWOW64\IME\shared\indian fucking uncut .rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\russian handjob animal full movie .avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\american nude sleeping boobs hairy (Christine).mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\asian kicking public legs wifey .mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\brasilian lesbian blowjob public .rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\japanese handjob action [free] vagina (Jenna).mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\swedish cumshot [milf] .mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Program Files\DVD Maker\Shared\horse bukkake masturbation .avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\black nude fucking licking stockings .mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Program Files (x86)\Google\Update\Download\norwegian sperm lesbian gorgeoushorny (Tatjana,Jenna).rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\italian bukkake [milf] .mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\british sperm cum [bangbus] lady .avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\beast several models boots (Sonja).mpeg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\german fetish lesbian hidden ash high heels .zip.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\tyrkish trambling gang bang [milf] circumcision (Jenna).rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Program Files (x86)\Google\Temp\japanese lingerie horse licking redhair .mpeg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\beast girls redhair (Sandy).rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Program Files\Windows Journal\Templates\british blowjob full movie hole .mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\bukkake several models nipples blondie .mpeg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\black fetish blowjob [free] nipples (Anniston,Liz).mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\action action girls cock .rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\danish animal masturbation ejaculation .mpeg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\cum gang bang full movie ash (Sonja).zip.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\spanish blowjob trambling big high heels .mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\blowjob sleeping hole .zip.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\SoftwareDistribution\Download\hardcore horse several models .zip.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\norwegian handjob lesbian vagina swallow .rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\horse lesbian girly .avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\beastiality masturbation feet upskirt (Kathrin,Ashley).avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\nude beast voyeur fishy .mpeg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\handjob public .mpeg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\norwegian cum nude [bangbus] vagina (Sylvia,Gina).mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\brasilian lesbian porn masturbation hole (Ashley,Sonja).avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\blowjob blowjob [bangbus] cock mature .mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\british xxx hidden circumcision .mpeg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\cumshot several models .mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\nude [bangbus] (Ashley,Liz).avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\chinese beast kicking masturbation traffic (Liz).mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\PLA\Templates\lesbian hidden .mpeg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\british fetish sperm [milf] black hairunshaved (Karin,Tatjana).avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\norwegian gang bang beastiality voyeur .avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\kicking trambling sleeping stockings .rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\gang bang hidden redhair (Liz,Britney).zip.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\kicking masturbation (Kathrin).mpeg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\french nude action big sweet (Kathrin).zip.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\french blowjob sperm public .mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\tyrkish horse gay [milf] pregnant .avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\african xxx gay public (Melissa).avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\swedish gay [bangbus] cock upskirt .rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\horse sleeping latex (Samantha).mpeg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\british beastiality [free] young .zip.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\african cum public (Jenna,Jenna).zip.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\chinese trambling cum lesbian .mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\indian hardcore catfight .mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\assembly\temp\italian xxx masturbation .mpeg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\horse bukkake licking .rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\british trambling animal licking ash (Kathrin,Jenna).rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\indian porn [milf] bedroom .mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\blowjob sleeping young .avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\horse girls glans beautyfull .avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\german porn nude full movie .rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\danish bukkake horse voyeur granny .avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\handjob public legs balls (Ashley,Sylvia).rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\african fetish handjob licking redhair .avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\gay licking circumcision .zip.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\african trambling lesbian uncut glans wifey (Samantha,Janette).zip.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\sperm sleeping feet lady .mpeg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\chinese horse horse licking mistress .mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\brasilian sperm lesbian full movie sm .mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\tyrkish action masturbation latex .rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\american gang bang lesbian masturbation femdom .mpeg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\brasilian gang bang xxx [free] feet .avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\indian gay blowjob [free] femdom (Liz,Jade).mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\american cumshot [bangbus] bondage .mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\lesbian masturbation ash (Jade).mpeg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\blowjob fetish catfight sweet (Sonja,Kathrin).zip.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\Downloaded Program Files\italian horse lesbian .avi.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\malaysia cumshot masturbation .mpeg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\brasilian porn masturbation femdom .rar.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\russian bukkake fetish licking hole shoes .mpeg.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\mssrv.exe	ef80372a78cbb7d2a546956c44076c40N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\hardcore gang bang girls boots .mpg.exe	ef80372a78cbb7d2a546956c44076c40N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2092	ef80372a78cbb7d2a546956c44076c40N.exe
2636	ef80372a78cbb7d2a546956c44076c40N.exe
2092	ef80372a78cbb7d2a546956c44076c40N.exe
2660	ef80372a78cbb7d2a546956c44076c40N.exe
1556	ef80372a78cbb7d2a546956c44076c40N.exe
2636	ef80372a78cbb7d2a546956c44076c40N.exe
2092	ef80372a78cbb7d2a546956c44076c40N.exe
2856	ef80372a78cbb7d2a546956c44076c40N.exe
2424	ef80372a78cbb7d2a546956c44076c40N.exe
1076	ef80372a78cbb7d2a546956c44076c40N.exe
2864	ef80372a78cbb7d2a546956c44076c40N.exe
2660	ef80372a78cbb7d2a546956c44076c40N.exe
1556	ef80372a78cbb7d2a546956c44076c40N.exe
2636	ef80372a78cbb7d2a546956c44076c40N.exe
2092	ef80372a78cbb7d2a546956c44076c40N.exe
1164	ef80372a78cbb7d2a546956c44076c40N.exe
692	ef80372a78cbb7d2a546956c44076c40N.exe
2856	ef80372a78cbb7d2a546956c44076c40N.exe
2368	ef80372a78cbb7d2a546956c44076c40N.exe
3020	ef80372a78cbb7d2a546956c44076c40N.exe
1076	ef80372a78cbb7d2a546956c44076c40N.exe
1988	ef80372a78cbb7d2a546956c44076c40N.exe
2660	ef80372a78cbb7d2a546956c44076c40N.exe
2424	ef80372a78cbb7d2a546956c44076c40N.exe
2456	ef80372a78cbb7d2a546956c44076c40N.exe
1952	ef80372a78cbb7d2a546956c44076c40N.exe
2636	ef80372a78cbb7d2a546956c44076c40N.exe
2092	ef80372a78cbb7d2a546956c44076c40N.exe
2120	ef80372a78cbb7d2a546956c44076c40N.exe
2864	ef80372a78cbb7d2a546956c44076c40N.exe
1556	ef80372a78cbb7d2a546956c44076c40N.exe
1492	ef80372a78cbb7d2a546956c44076c40N.exe
264	ef80372a78cbb7d2a546956c44076c40N.exe
1164	ef80372a78cbb7d2a546956c44076c40N.exe
1868	ef80372a78cbb7d2a546956c44076c40N.exe
1816	ef80372a78cbb7d2a546956c44076c40N.exe
1336	ef80372a78cbb7d2a546956c44076c40N.exe
692	ef80372a78cbb7d2a546956c44076c40N.exe
236	ef80372a78cbb7d2a546956c44076c40N.exe
2856	ef80372a78cbb7d2a546956c44076c40N.exe
624	ef80372a78cbb7d2a546956c44076c40N.exe
1076	ef80372a78cbb7d2a546956c44076c40N.exe
624	ef80372a78cbb7d2a546956c44076c40N.exe
2660	ef80372a78cbb7d2a546956c44076c40N.exe
2660	ef80372a78cbb7d2a546956c44076c40N.exe
1096	ef80372a78cbb7d2a546956c44076c40N.exe
1096	ef80372a78cbb7d2a546956c44076c40N.exe
2092	ef80372a78cbb7d2a546956c44076c40N.exe
2092	ef80372a78cbb7d2a546956c44076c40N.exe
2368	ef80372a78cbb7d2a546956c44076c40N.exe
2368	ef80372a78cbb7d2a546956c44076c40N.exe
1152	ef80372a78cbb7d2a546956c44076c40N.exe
1152	ef80372a78cbb7d2a546956c44076c40N.exe
3020	ef80372a78cbb7d2a546956c44076c40N.exe
3020	ef80372a78cbb7d2a546956c44076c40N.exe
976	ef80372a78cbb7d2a546956c44076c40N.exe
976	ef80372a78cbb7d2a546956c44076c40N.exe
2424	ef80372a78cbb7d2a546956c44076c40N.exe
2424	ef80372a78cbb7d2a546956c44076c40N.exe
2636	ef80372a78cbb7d2a546956c44076c40N.exe
2636	ef80372a78cbb7d2a546956c44076c40N.exe
1388	ef80372a78cbb7d2a546956c44076c40N.exe
1388	ef80372a78cbb7d2a546956c44076c40N.exe
1668	ef80372a78cbb7d2a546956c44076c40N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2636	2092	ef80372a78cbb7d2a546956c44076c40N.exe	30
PID 2092 wrote to memory of 2636	2092	ef80372a78cbb7d2a546956c44076c40N.exe	30
PID 2092 wrote to memory of 2636	2092	ef80372a78cbb7d2a546956c44076c40N.exe	30
PID 2092 wrote to memory of 2636	2092	ef80372a78cbb7d2a546956c44076c40N.exe	30
PID 2636 wrote to memory of 2660	2636	ef80372a78cbb7d2a546956c44076c40N.exe	31
PID 2636 wrote to memory of 2660	2636	ef80372a78cbb7d2a546956c44076c40N.exe	31
PID 2636 wrote to memory of 2660	2636	ef80372a78cbb7d2a546956c44076c40N.exe	31
PID 2636 wrote to memory of 2660	2636	ef80372a78cbb7d2a546956c44076c40N.exe	31
PID 2092 wrote to memory of 1556	2092	ef80372a78cbb7d2a546956c44076c40N.exe	32
PID 2092 wrote to memory of 1556	2092	ef80372a78cbb7d2a546956c44076c40N.exe	32
PID 2092 wrote to memory of 1556	2092	ef80372a78cbb7d2a546956c44076c40N.exe	32
PID 2092 wrote to memory of 1556	2092	ef80372a78cbb7d2a546956c44076c40N.exe	32
PID 2660 wrote to memory of 2856	2660	ef80372a78cbb7d2a546956c44076c40N.exe	33
PID 2660 wrote to memory of 2856	2660	ef80372a78cbb7d2a546956c44076c40N.exe	33
PID 2660 wrote to memory of 2856	2660	ef80372a78cbb7d2a546956c44076c40N.exe	33
PID 2660 wrote to memory of 2856	2660	ef80372a78cbb7d2a546956c44076c40N.exe	33
PID 1556 wrote to memory of 2424	1556	ef80372a78cbb7d2a546956c44076c40N.exe	34
PID 1556 wrote to memory of 2424	1556	ef80372a78cbb7d2a546956c44076c40N.exe	34
PID 1556 wrote to memory of 2424	1556	ef80372a78cbb7d2a546956c44076c40N.exe	34
PID 1556 wrote to memory of 2424	1556	ef80372a78cbb7d2a546956c44076c40N.exe	34
PID 2636 wrote to memory of 1076	2636	ef80372a78cbb7d2a546956c44076c40N.exe	35
PID 2636 wrote to memory of 1076	2636	ef80372a78cbb7d2a546956c44076c40N.exe	35
PID 2636 wrote to memory of 1076	2636	ef80372a78cbb7d2a546956c44076c40N.exe	35
PID 2636 wrote to memory of 1076	2636	ef80372a78cbb7d2a546956c44076c40N.exe	35
PID 2092 wrote to memory of 2864	2092	ef80372a78cbb7d2a546956c44076c40N.exe	36
PID 2092 wrote to memory of 2864	2092	ef80372a78cbb7d2a546956c44076c40N.exe	36
PID 2092 wrote to memory of 2864	2092	ef80372a78cbb7d2a546956c44076c40N.exe	36
PID 2092 wrote to memory of 2864	2092	ef80372a78cbb7d2a546956c44076c40N.exe	36
PID 2856 wrote to memory of 1164	2856	ef80372a78cbb7d2a546956c44076c40N.exe	37
PID 2856 wrote to memory of 1164	2856	ef80372a78cbb7d2a546956c44076c40N.exe	37
PID 2856 wrote to memory of 1164	2856	ef80372a78cbb7d2a546956c44076c40N.exe	37
PID 2856 wrote to memory of 1164	2856	ef80372a78cbb7d2a546956c44076c40N.exe	37
PID 1076 wrote to memory of 2368	1076	ef80372a78cbb7d2a546956c44076c40N.exe	38
PID 1076 wrote to memory of 2368	1076	ef80372a78cbb7d2a546956c44076c40N.exe	38
PID 1076 wrote to memory of 2368	1076	ef80372a78cbb7d2a546956c44076c40N.exe	38
PID 1076 wrote to memory of 2368	1076	ef80372a78cbb7d2a546956c44076c40N.exe	38
PID 2424 wrote to memory of 692	2424	ef80372a78cbb7d2a546956c44076c40N.exe	39
PID 2424 wrote to memory of 692	2424	ef80372a78cbb7d2a546956c44076c40N.exe	39
PID 2424 wrote to memory of 692	2424	ef80372a78cbb7d2a546956c44076c40N.exe	39
PID 2424 wrote to memory of 692	2424	ef80372a78cbb7d2a546956c44076c40N.exe	39
PID 2660 wrote to memory of 3020	2660	ef80372a78cbb7d2a546956c44076c40N.exe	40
PID 2660 wrote to memory of 3020	2660	ef80372a78cbb7d2a546956c44076c40N.exe	40
PID 2660 wrote to memory of 3020	2660	ef80372a78cbb7d2a546956c44076c40N.exe	40
PID 2660 wrote to memory of 3020	2660	ef80372a78cbb7d2a546956c44076c40N.exe	40
PID 2864 wrote to memory of 1988	2864	ef80372a78cbb7d2a546956c44076c40N.exe	41
PID 2864 wrote to memory of 1988	2864	ef80372a78cbb7d2a546956c44076c40N.exe	41
PID 2864 wrote to memory of 1988	2864	ef80372a78cbb7d2a546956c44076c40N.exe	41
PID 2864 wrote to memory of 1988	2864	ef80372a78cbb7d2a546956c44076c40N.exe	41
PID 1556 wrote to memory of 1952	1556	ef80372a78cbb7d2a546956c44076c40N.exe	42
PID 1556 wrote to memory of 1952	1556	ef80372a78cbb7d2a546956c44076c40N.exe	42
PID 1556 wrote to memory of 1952	1556	ef80372a78cbb7d2a546956c44076c40N.exe	42
PID 1556 wrote to memory of 1952	1556	ef80372a78cbb7d2a546956c44076c40N.exe	42
PID 2636 wrote to memory of 2456	2636	ef80372a78cbb7d2a546956c44076c40N.exe	43
PID 2636 wrote to memory of 2456	2636	ef80372a78cbb7d2a546956c44076c40N.exe	43
PID 2636 wrote to memory of 2456	2636	ef80372a78cbb7d2a546956c44076c40N.exe	43
PID 2636 wrote to memory of 2456	2636	ef80372a78cbb7d2a546956c44076c40N.exe	43
PID 2092 wrote to memory of 2120	2092	ef80372a78cbb7d2a546956c44076c40N.exe	44
PID 2092 wrote to memory of 2120	2092	ef80372a78cbb7d2a546956c44076c40N.exe	44
PID 2092 wrote to memory of 2120	2092	ef80372a78cbb7d2a546956c44076c40N.exe	44
PID 2092 wrote to memory of 2120	2092	ef80372a78cbb7d2a546956c44076c40N.exe	44
PID 1164 wrote to memory of 1492	1164	ef80372a78cbb7d2a546956c44076c40N.exe	45
PID 1164 wrote to memory of 1492	1164	ef80372a78cbb7d2a546956c44076c40N.exe	45
PID 1164 wrote to memory of 1492	1164	ef80372a78cbb7d2a546956c44076c40N.exe	45
PID 1164 wrote to memory of 1492	1164	ef80372a78cbb7d2a546956c44076c40N.exe	45

C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
"C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
  "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2636
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        10⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        10⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        10⤵
        
        PID:23784
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:22256
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:21968
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:12068
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:22356
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:20692
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:17620
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:22176
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:22516
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:20996
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:20924
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:22468
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:23800
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:20596
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:22052
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:23308
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:20580
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22340
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:17628
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:22644
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:22500
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:20908
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:22428
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:22148
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:21068
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:12624
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:21372
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:17676
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:22204
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:22136
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:17708
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:20684
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:23544
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:20892
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:21052
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22004
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:13916
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:22324
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:22536
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:20104
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:20868
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:20948
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22700
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:13576
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:22220
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:23816
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22168
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22300
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:20932
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22484
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:20080
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:22748
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:20972
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:19564
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:13396
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22684
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22120
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22636
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:22308
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22724
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:11080
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:20588
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:15960
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:20916
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:23536
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:9984
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:20524
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:7768
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:12732
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:22372
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:20072
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:21076
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:20604
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:22348
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:22076
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:20652
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:20548
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:21556
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:21880
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:22060
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:21712
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:21104
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:22012
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:21548
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:21952
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:20540
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:236
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:20700
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:19584
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:20112
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:10800
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22196
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:20096
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:20556
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:21440
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:11044
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:21976
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:10584
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22944
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22436
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:20668
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:21540
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:7760
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:12656
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:22264
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:22492
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22628
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:17668
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:20716
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:17636
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:20876
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22212
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22508
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:23824
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:13636
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:20088
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:20940
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:976
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:20636
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:20128
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:20884
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:20676
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:12044
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22128
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:9024
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:13660
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:13388
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:23792
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:11316
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:3760
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:21120
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:11580
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:22716
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:16764
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:9016
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:13592
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:21912
- C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
  "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1556
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:692
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:22332
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:22276
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:22068
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:20980
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:20660
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:21036
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:12756
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:23808
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        8⤵
        
        PID:22112
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:21864
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:21896
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:17684
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:20612
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22476
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22460
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:21152
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:11556
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22660
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:12740
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22364
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22144
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:21136
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:21960
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:12984
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:10948
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22396
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:21432
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:11644
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22284
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:17700
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:1800
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:21888
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:23936
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22316
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:17692
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:21420
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:12028
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22652
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:17660
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:20620
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:12608
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22404
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:13568
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:21944
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:14136
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:20900
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1388
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:21856
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:9048
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:13372
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:14144
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:10792
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:20956
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22444
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:14156
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:21484
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:22668
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22952
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:7200
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:11524
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:22380
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:21096
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:12076
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:22044
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:11112
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:20964
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:14016
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:21060
- C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
  "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2864
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:21800
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:21144
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        7⤵
        
        PID:14104
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:21012
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:12600
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22412
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:11060
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22452
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:13628
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:20532
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22104
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:13608
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:21920
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:11596
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22708
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:9868
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:21572
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:13892
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:22740
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22020
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:17644
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:21004
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:8864
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:20644
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:7436
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:21044
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:9488
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:13900
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:22732
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:7220
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:11548
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:4132
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:12096
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:1248
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:9444
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:22188
- C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
  "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2120
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:1260
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:20120
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:21928
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:14120
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:20988
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22692
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:13600
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:21872
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:23084
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:21084
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:7704
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:12616
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:3480
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:21180
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:13476
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:22420
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:9640
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:21128
- C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
  "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1096
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        6⤵
        
        PID:14128
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:20736
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22292
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:20628
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:22388
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:22028
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:11028
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:20516
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:10988
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:21936
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:8364
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:20708
- C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
  "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
  2⤵
  PID:2228
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
        5⤵
        
        PID:23944
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:12772
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:7128
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:12976
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:3324
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:9876
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:14008
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:21112
- C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
  "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
  2⤵
  PID:3816
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
      "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
      4⤵
      PID:17652
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:8128
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:2604
- C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
  "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
  2⤵
  PID:5688
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:10536
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:21904
- C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
  "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
  2⤵
  PID:8008
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:12584
- - C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
    3⤵
    PID:22036
- C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
  "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
  2⤵
  PID:13412
- C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe
  "C:\Users\Admin\AppData\Local\Temp\ef80372a78cbb7d2a546956c44076c40N.exe"
  2⤵
  PID:22676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\japanese handjob action [free] vagina (Jenna).mpg.exe

Filesize
1.7MB

MD5
876db610a198465d976c924d4f2b7a1e

SHA1
5ce1b252183ed55d9b51cdd8623f35d41b82e5f6

SHA256
899c12f530affc00fc653a850cde58ebe6814727235beaeeb0afdb8ae7a75180

SHA512
3d3c004c2fc37f03ca6632f71ecca55cb0c5c9acd2af6721e0c5457ced623aad123631f28d93aeb5653947ceae058eee6821c95096796a709cff4671d853119f

Download Submit
C:\debug.txt

Filesize
183B

MD5
d5a5ff07f28c9fd35aed2a7a85a1a5b2

SHA1
c2466792eee0266b2f07bc58e3785e3566503ad9

SHA256
854e8c91b12cc5ac5f24805705d36b05a924245503fd66b7d7f66523f201d7d4

SHA512
b16a94b3c5382b72cbe85744c3009f2ab66ed30eb41a63b280ade3e5af1e02f79c242774dfb923f14c9b1647803fdbea4df4385ff87834ec6398336f8e3c0e5a

Download Submit
memory/2092-100-0x00000000742E0000-0x00000000742E3000-memory.dmp

Filesize
12KB

Download
memory/2092-104-0x0000000074260000-0x0000000074268000-memory.dmp

Filesize
32KB

Download