c9a3a770addd6d88b4ad41c86349d017f26c91fe63cfebfa762b4eee441425fe

Analysis

max time kernel
18s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
16-07-2024 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5565a9804472204e104e617fe23de090N.exe
Size

688KB
MD5

5565a9804472204e104e617fe23de090
SHA1

23fa9e8f6ecfcfb4645c27a8ba6e15ef0cde458f
SHA256

c9a3a770addd6d88b4ad41c86349d017f26c91fe63cfebfa762b4eee441425fe
SHA512

adea8149879295f9343af62547b78b978989ec25b9b1c6c721614130d0daadaf2ad16a7c908eb42edc1e4d4c0e5c100478f8ce662ff0682e5a1cb5e20a667e12
SSDEEP

12288:bPKL8qwQVNxKZZxee89RF2GbxMVs+Xud5lBMxIVIuQnKM0wI/2fAOunX5Q:bSLucNxQZAePGbxMV4d5HWpux33/eopQ

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2576-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/files/0x00070000000190d2-5.dat	upx
behavioral1/memory/2832-67-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2084-93-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1476-95-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2576-98-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2084-101-0x0000000004B30000-0x0000000004B4D000-memory.dmp	upx
behavioral1/memory/2832-104-0x0000000001E80000-0x0000000001E9D000-memory.dmp	upx
behavioral1/memory/2084-103-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2976-105-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2460-107-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2384-111-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/928-113-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/684-114-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2384-116-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2412-118-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2476-119-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2424-120-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2636-123-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2412-122-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2476-124-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2872-126-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2772-128-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2240-129-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2676-131-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2120-132-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2820-134-0x00000000045D0000-0x00000000045ED000-memory.dmp	upx
behavioral1/memory/2280-135-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2120-137-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3176-138-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3244-139-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3472-142-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3520-143-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3584-145-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3208-144-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3176-147-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3160-146-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3244-148-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3556-149-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3732-150-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3772-151-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3676-152-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3816-153-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4020-154-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4048-155-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3132-156-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4020-157-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4048-159-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4168-160-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4240-164-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4336-168-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4112-167-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4168-169-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4240-170-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4452-173-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4336-177-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4324-176-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4476-179-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4452-187-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4564-192-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/4476-191-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	5565a9804472204e104e617fe23de090N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\G:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\R:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\V:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\H:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\J:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\N:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\Q:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\X:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\Z:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\I:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\K:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\L:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\P:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\T:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\U:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\W:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\Y:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\B:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\E:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\M:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\O:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\S:	5565a9804472204e104e617fe23de090N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\spanish cumshot hardcore sleeping (Curtney,Tatjana).zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\System32\DriverStore\Temp\blowjob blowjob masturbation balls .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\spanish trambling action public ash gorgeoushorny (Sonja,Liz).avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\chinese fetish masturbation .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\kicking masturbation .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SysWOW64\FxsTmp\norwegian bukkake hidden feet upskirt .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SysWOW64\IME\shared\horse several models shower .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\british beastiality nude lesbian vagina .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SysWOW64\FxsTmp\hardcore lingerie licking cock .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SysWOW64\IME\shared\german cum sleeping legs swallow .zip.exe	5565a9804472204e104e617fe23de090N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\japanese porn girls (Curtney,Sonja).rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files (x86)\Google\Update\Download\russian gay masturbation traffic .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian bukkake lingerie voyeur feet hairy (Sarah,Sylvia).avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\canadian gang bang voyeur shower (Britney).zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\black action catfight sweet .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files\DVD Maker\Shared\xxx hidden vagina .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\malaysia handjob masturbation nipples beautyfull .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files (x86)\Google\Temp\hardcore masturbation .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\beastiality animal public castration .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\blowjob public hairy .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\horse big glans pregnant .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\asian kicking catfight .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files\Windows Journal\Templates\kicking handjob [bangbus] .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\british nude xxx big swallow .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\chinese nude girls .mpeg.exe	5565a9804472204e104e617fe23de090N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\asian action girls (Jade).zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\bukkake big ash leather (Liz).mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\porn horse [free] titts .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\tyrkish action beastiality [free] (Anniston,Janette).mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\african gang bang xxx public femdom .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\danish horse horse [milf] .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\norwegian handjob hidden legs redhair .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\danish gang bang hidden shoes .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\sperm [bangbus] ash .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\african lingerie full movie feet (Karin).zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\norwegian handjob gay voyeur lady .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\action lesbian sleeping .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\animal trambling hidden .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\gay licking fishy .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\xxx fucking public .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\american fucking xxx voyeur shower .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\german bukkake girls .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\russian beastiality voyeur .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\lingerie hardcore licking legs castration .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\handjob animal uncut leather .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\swedish beast hardcore hidden glans .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\african gay [free] (Ashley,Ashley).mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish lingerie bukkake girls ash .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black action girls penetration .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\InstallTemp\fucking hardcore sleeping nipples redhair (Christine).mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\spanish action horse catfight blondie .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\norwegian animal nude lesbian titts .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\chinese cumshot hot (!) blondie .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\sperm lingerie licking (Samantha).avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\cumshot [bangbus] (Anniston).avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\mssrv.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\PLA\Templates\gang bang handjob big .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\spanish sperm public glans .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\german beast hidden penetration (Samantha).rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\brasilian xxx catfight feet .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\japanese fetish lingerie licking cock sweet .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\german lesbian sleeping .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\chinese cum uncut mature .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\tmp\african sperm sleeping traffic (Britney,Karin).rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\fucking xxx big (Melissa).avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish horse girls ash .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\asian trambling kicking catfight .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\chinese handjob cumshot several models .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\beastiality uncut titts .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\canadian animal lingerie licking ash bondage .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\american kicking [milf] (Tatjana,Sarah).zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish horse hidden nipples mature .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\danish xxx fucking [bangbus] legs pregnant .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\hardcore big (Janette,Ashley).rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\british sperm girls ìï .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\sperm lingerie [milf] nipples latex (Britney).zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\security\templates\danish horse lingerie masturbation .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SoftwareDistribution\Download\tyrkish xxx girls balls .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\norwegian trambling beast lesbian .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\sperm gang bang masturbation boobs .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\kicking kicking voyeur vagina (Sandy).rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\blowjob nude [milf] .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\hardcore porn several models shower .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\french fetish animal voyeur glans (Kathrin).avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\Downloaded Program Files\canadian cum hardcore licking .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\spanish gang bang cum big vagina beautyfull .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\german lingerie horse lesbian nipples stockings .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\russian horse porn hot (!) glans ìï .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\bukkake action hidden hotel .mpeg.exe	5565a9804472204e104e617fe23de090N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2576	5565a9804472204e104e617fe23de090N.exe
2832	5565a9804472204e104e617fe23de090N.exe
2576	5565a9804472204e104e617fe23de090N.exe
2084	5565a9804472204e104e617fe23de090N.exe
1476	5565a9804472204e104e617fe23de090N.exe
2832	5565a9804472204e104e617fe23de090N.exe
2576	5565a9804472204e104e617fe23de090N.exe
340	5565a9804472204e104e617fe23de090N.exe
2616	5565a9804472204e104e617fe23de090N.exe
2312	5565a9804472204e104e617fe23de090N.exe
2084	5565a9804472204e104e617fe23de090N.exe
1308	5565a9804472204e104e617fe23de090N.exe
2576	5565a9804472204e104e617fe23de090N.exe
2832	5565a9804472204e104e617fe23de090N.exe
1476	5565a9804472204e104e617fe23de090N.exe
2044	5565a9804472204e104e617fe23de090N.exe
340	5565a9804472204e104e617fe23de090N.exe
1952	5565a9804472204e104e617fe23de090N.exe
2084	5565a9804472204e104e617fe23de090N.exe
2312	5565a9804472204e104e617fe23de090N.exe
2576	5565a9804472204e104e617fe23de090N.exe
860	5565a9804472204e104e617fe23de090N.exe
2820	5565a9804472204e104e617fe23de090N.exe
2616	5565a9804472204e104e617fe23de090N.exe
2136	5565a9804472204e104e617fe23de090N.exe
2976	5565a9804472204e104e617fe23de090N.exe
2968	5565a9804472204e104e617fe23de090N.exe
2596	5565a9804472204e104e617fe23de090N.exe
2832	5565a9804472204e104e617fe23de090N.exe
1476	5565a9804472204e104e617fe23de090N.exe
1308	5565a9804472204e104e617fe23de090N.exe
2460	5565a9804472204e104e617fe23de090N.exe
2044	5565a9804472204e104e617fe23de090N.exe
356	5565a9804472204e104e617fe23de090N.exe
700	5565a9804472204e104e617fe23de090N.exe
2980	5565a9804472204e104e617fe23de090N.exe
340	5565a9804472204e104e617fe23de090N.exe
2084	5565a9804472204e104e617fe23de090N.exe
1740	5565a9804472204e104e617fe23de090N.exe
2896	5565a9804472204e104e617fe23de090N.exe
1952	5565a9804472204e104e617fe23de090N.exe
2312	5565a9804472204e104e617fe23de090N.exe
2312	5565a9804472204e104e617fe23de090N.exe
1064	5565a9804472204e104e617fe23de090N.exe
1064	5565a9804472204e104e617fe23de090N.exe
2576	5565a9804472204e104e617fe23de090N.exe
2576	5565a9804472204e104e617fe23de090N.exe
2616	5565a9804472204e104e617fe23de090N.exe
2616	5565a9804472204e104e617fe23de090N.exe
2472	5565a9804472204e104e617fe23de090N.exe
2472	5565a9804472204e104e617fe23de090N.exe
2384	5565a9804472204e104e617fe23de090N.exe
2384	5565a9804472204e104e617fe23de090N.exe
1004	5565a9804472204e104e617fe23de090N.exe
1004	5565a9804472204e104e617fe23de090N.exe
1540	5565a9804472204e104e617fe23de090N.exe
1540	5565a9804472204e104e617fe23de090N.exe
860	5565a9804472204e104e617fe23de090N.exe
860	5565a9804472204e104e617fe23de090N.exe
928	5565a9804472204e104e617fe23de090N.exe
2196	5565a9804472204e104e617fe23de090N.exe
928	5565a9804472204e104e617fe23de090N.exe
2196	5565a9804472204e104e617fe23de090N.exe
684	5565a9804472204e104e617fe23de090N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 2832	2576	5565a9804472204e104e617fe23de090N.exe	31
PID 2576 wrote to memory of 2832	2576	5565a9804472204e104e617fe23de090N.exe	31
PID 2576 wrote to memory of 2832	2576	5565a9804472204e104e617fe23de090N.exe	31
PID 2576 wrote to memory of 2832	2576	5565a9804472204e104e617fe23de090N.exe	31
PID 2832 wrote to memory of 2084	2832	5565a9804472204e104e617fe23de090N.exe	32
PID 2832 wrote to memory of 2084	2832	5565a9804472204e104e617fe23de090N.exe	32
PID 2832 wrote to memory of 2084	2832	5565a9804472204e104e617fe23de090N.exe	32
PID 2832 wrote to memory of 2084	2832	5565a9804472204e104e617fe23de090N.exe	32
PID 2576 wrote to memory of 1476	2576	5565a9804472204e104e617fe23de090N.exe	33
PID 2576 wrote to memory of 1476	2576	5565a9804472204e104e617fe23de090N.exe	33
PID 2576 wrote to memory of 1476	2576	5565a9804472204e104e617fe23de090N.exe	33
PID 2576 wrote to memory of 1476	2576	5565a9804472204e104e617fe23de090N.exe	33
PID 2084 wrote to memory of 340	2084	5565a9804472204e104e617fe23de090N.exe	34
PID 2084 wrote to memory of 340	2084	5565a9804472204e104e617fe23de090N.exe	34
PID 2084 wrote to memory of 340	2084	5565a9804472204e104e617fe23de090N.exe	34
PID 2084 wrote to memory of 340	2084	5565a9804472204e104e617fe23de090N.exe	34
PID 2832 wrote to memory of 2616	2832	5565a9804472204e104e617fe23de090N.exe	35
PID 2832 wrote to memory of 2616	2832	5565a9804472204e104e617fe23de090N.exe	35
PID 2832 wrote to memory of 2616	2832	5565a9804472204e104e617fe23de090N.exe	35
PID 2832 wrote to memory of 2616	2832	5565a9804472204e104e617fe23de090N.exe	35
PID 1476 wrote to memory of 2312	1476	5565a9804472204e104e617fe23de090N.exe	36
PID 1476 wrote to memory of 2312	1476	5565a9804472204e104e617fe23de090N.exe	36
PID 1476 wrote to memory of 2312	1476	5565a9804472204e104e617fe23de090N.exe	36
PID 1476 wrote to memory of 2312	1476	5565a9804472204e104e617fe23de090N.exe	36
PID 2576 wrote to memory of 1308	2576	5565a9804472204e104e617fe23de090N.exe	37
PID 2576 wrote to memory of 1308	2576	5565a9804472204e104e617fe23de090N.exe	37
PID 2576 wrote to memory of 1308	2576	5565a9804472204e104e617fe23de090N.exe	37
PID 2576 wrote to memory of 1308	2576	5565a9804472204e104e617fe23de090N.exe	37
PID 340 wrote to memory of 2044	340	5565a9804472204e104e617fe23de090N.exe	38
PID 340 wrote to memory of 2044	340	5565a9804472204e104e617fe23de090N.exe	38
PID 340 wrote to memory of 2044	340	5565a9804472204e104e617fe23de090N.exe	38
PID 340 wrote to memory of 2044	340	5565a9804472204e104e617fe23de090N.exe	38
PID 2084 wrote to memory of 2820	2084	5565a9804472204e104e617fe23de090N.exe	39
PID 2084 wrote to memory of 2820	2084	5565a9804472204e104e617fe23de090N.exe	39
PID 2084 wrote to memory of 2820	2084	5565a9804472204e104e617fe23de090N.exe	39
PID 2084 wrote to memory of 2820	2084	5565a9804472204e104e617fe23de090N.exe	39
PID 2616 wrote to memory of 1952	2616	5565a9804472204e104e617fe23de090N.exe	40
PID 2616 wrote to memory of 1952	2616	5565a9804472204e104e617fe23de090N.exe	40
PID 2616 wrote to memory of 1952	2616	5565a9804472204e104e617fe23de090N.exe	40
PID 2616 wrote to memory of 1952	2616	5565a9804472204e104e617fe23de090N.exe	40
PID 2312 wrote to memory of 860	2312	5565a9804472204e104e617fe23de090N.exe	41
PID 2312 wrote to memory of 860	2312	5565a9804472204e104e617fe23de090N.exe	41
PID 2312 wrote to memory of 860	2312	5565a9804472204e104e617fe23de090N.exe	41
PID 2312 wrote to memory of 860	2312	5565a9804472204e104e617fe23de090N.exe	41
PID 2576 wrote to memory of 2136	2576	5565a9804472204e104e617fe23de090N.exe	42
PID 2576 wrote to memory of 2136	2576	5565a9804472204e104e617fe23de090N.exe	42
PID 2576 wrote to memory of 2136	2576	5565a9804472204e104e617fe23de090N.exe	42
PID 2576 wrote to memory of 2136	2576	5565a9804472204e104e617fe23de090N.exe	42
PID 2832 wrote to memory of 2976	2832	5565a9804472204e104e617fe23de090N.exe	43
PID 2832 wrote to memory of 2976	2832	5565a9804472204e104e617fe23de090N.exe	43
PID 2832 wrote to memory of 2976	2832	5565a9804472204e104e617fe23de090N.exe	43
PID 2832 wrote to memory of 2976	2832	5565a9804472204e104e617fe23de090N.exe	43
PID 1476 wrote to memory of 2968	1476	5565a9804472204e104e617fe23de090N.exe	44
PID 1476 wrote to memory of 2968	1476	5565a9804472204e104e617fe23de090N.exe	44
PID 1476 wrote to memory of 2968	1476	5565a9804472204e104e617fe23de090N.exe	44
PID 1476 wrote to memory of 2968	1476	5565a9804472204e104e617fe23de090N.exe	44
PID 1308 wrote to memory of 2596	1308	5565a9804472204e104e617fe23de090N.exe	45
PID 1308 wrote to memory of 2596	1308	5565a9804472204e104e617fe23de090N.exe	45
PID 1308 wrote to memory of 2596	1308	5565a9804472204e104e617fe23de090N.exe	45
PID 1308 wrote to memory of 2596	1308	5565a9804472204e104e617fe23de090N.exe	45
PID 2044 wrote to memory of 2460	2044	5565a9804472204e104e617fe23de090N.exe	46
PID 2044 wrote to memory of 2460	2044	5565a9804472204e104e617fe23de090N.exe	46
PID 2044 wrote to memory of 2460	2044	5565a9804472204e104e617fe23de090N.exe	46
PID 2044 wrote to memory of 2460	2044	5565a9804472204e104e617fe23de090N.exe	46

C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
"C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:340
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        10⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        10⤵
        
        PID:17820
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        10⤵
        
        PID:17704
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        10⤵
        
        PID:17868
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:14452
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:17480
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        10⤵
        
        PID:22472
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:15596
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:18060
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:17740
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:17720
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:17400
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:16988
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:21272
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:17956
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:12840
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:15628
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:356
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:21296
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:17796
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:15772
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:12460
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:17884
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:17712
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:21328
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:16948
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:17948
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:19368
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17916
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17860
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12824
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:16848
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:12860
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17140
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:16980
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:17764
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12800
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:20364
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:14552
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:10552
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:21336
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:700
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:16956
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:19048
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12932
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:13664
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:17360
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:19080
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:19096
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12996
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:15644
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17964
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17132
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:19924
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:13016
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:14236
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:18004
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:19064
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:7764
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:12848
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:16964
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:17116
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:17756
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:12784
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:17696
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:17296
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:17288
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:17512
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:19352
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:21320
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:20348
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:22708
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17876
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:20340
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:19764
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12748
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:20012
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:17680
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:17496
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12548
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12292
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:21248
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17844
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:15604
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:19072
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:15684
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17424
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:17972
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:11464
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:17900
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:13324
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:15668
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:21288
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:17932
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12948
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:17316
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17988
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:19204
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12924
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:17084
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:17460
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:10544
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:20304
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:15804
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:272
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:15748
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12588
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:13656
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:19104
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:19128
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:19112
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:12980
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:19220
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:12508
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:13336
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:10536
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:21352
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1476
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:18012
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:17780
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:13632
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:17980
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17568
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:19120
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:9016
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:19088
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:21264
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:14680
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:15812
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:21368
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:21256
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:18040
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:15732
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:616
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12972
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:11128
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:22176
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:15740
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:19040
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:8140
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:12756
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:21280
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12900
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:17672
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12500
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:15652
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:16972
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:19056
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12832
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:18024
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12556
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:17416
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:10080
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:15660
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17124
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:18088
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12792
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17688
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:14656
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:17452
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:10560
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:19244
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:9920
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:19236
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:13736
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:12540
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:6708
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:13720
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:12372
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:21012
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1308
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:17852
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17908
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17504
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12940
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17940
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:20328
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12964
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:13648
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:10576
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:21312
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:684
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17332
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:19228
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12988
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17728
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:14612
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:14388
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:21304
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:17468
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:7740
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:12736
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:17440
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:6940
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:17488
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:10512
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:21344
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2136
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:928
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17100
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:20356
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:20996
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:13352
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:14396
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:9504
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:17324
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:17996
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:18048
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:12492
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:19212
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:12868
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:13696
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:10064
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:15788
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2896
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17772
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12620
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:11480
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:8560
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:22996
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:14924
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:15692
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:12308
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:17924
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:14648
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:16996
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:12596
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:21360
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:12364
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:21004
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:8984
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:17892
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  PID:3980
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:14940
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:10504
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:20296
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  PID:5696
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:11680
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:7828
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  PID:7720
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:22184
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  PID:12720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\british nude xxx big swallow .mpeg.exe

Filesize
1.7MB

MD5
44635ff387b5aef2f333ceced2d4f989

SHA1
3dee8af8cfc395286e95d40f2d2a5ff914e6c4ca

SHA256
732d1ab8fd1e620f44e8f55a5b3efdfb5d5f55a2ebe0e3832fd5854001e1f2c4

SHA512
0ceff0acbf793b90874157c8e6969276f61fe7d5c58baba7c0aac81ef8c8ce30f3dd4d1e2ffba3bd524aa9df550aa9c859a92b3597242063a739716b2c34213e

Download Submit
C:\debug.txt

Filesize
183B

MD5
d52ca27f5cb96d69ef999727bd6ecfc0

SHA1
a1179299d04f4705dbe2c0637e0dfabad17c5280

SHA256
80b1315e9d83844531a3043a9cd9ebfcc20850b9721e55d522d80717125dee89

SHA512
a15898e704cd406fc5f37e318796015721ae51733e7089d85d7d0003ee69316fe392a1c74b5dd5804b893e6c87aa9068d160d2cdfe3dbe2adcba501eb5d632d1

Download Submit
memory/340-121-0x0000000004B00000-0x0000000004B1D000-memory.dmp

Filesize
116KB

Download
memory/340-117-0x0000000004B00000-0x0000000004B1D000-memory.dmp

Filesize
116KB

Download
memory/340-110-0x0000000004B00000-0x0000000004B1D000-memory.dmp

Filesize
116KB

Download
memory/340-108-0x0000000004B00000-0x0000000004B1D000-memory.dmp

Filesize
116KB

Download
memory/340-99-0x0000000002010000-0x000000000202D000-memory.dmp

Filesize
116KB

Download
memory/684-136-0x0000000002040000-0x000000000205D000-memory.dmp

Filesize
116KB

Download
memory/684-193-0x0000000004970000-0x000000000498D000-memory.dmp

Filesize
116KB

Download
memory/684-114-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/928-133-0x0000000004580000-0x000000000459D000-memory.dmp

Filesize
116KB

Download
memory/928-113-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1004-180-0x0000000005020000-0x000000000503D000-memory.dmp

Filesize
116KB

Download
memory/1308-184-0x0000000004F20000-0x0000000004F3D000-memory.dmp

Filesize
116KB

Download
memory/1476-95-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1476-183-0x0000000004F20000-0x0000000004F3D000-memory.dmp

Filesize
116KB

Download
memory/1476-97-0x0000000004DD0000-0x0000000004DED000-memory.dmp

Filesize
116KB

Download
memory/1740-130-0x00000000047A0000-0x00000000047BD000-memory.dmp

Filesize
116KB

Download
memory/1952-109-0x0000000001FC0000-0x0000000001FDD000-memory.dmp

Filesize
116KB

Download
memory/2084-101-0x0000000004B30000-0x0000000004B4D000-memory.dmp

Filesize
116KB

Download
memory/2084-103-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2084-96-0x0000000004580000-0x000000000459D000-memory.dmp

Filesize
116KB

Download
memory/2084-93-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2120-132-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2120-137-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2136-174-0x0000000004AB0000-0x0000000004ACD000-memory.dmp

Filesize
116KB

Download
memory/2136-188-0x0000000004AB0000-0x0000000004ACD000-memory.dmp

Filesize
116KB

Download
memory/2196-185-0x0000000004F20000-0x0000000004F3D000-memory.dmp

Filesize
116KB

Download
memory/2196-172-0x0000000004F20000-0x0000000004F3D000-memory.dmp

Filesize
116KB

Download
memory/2208-189-0x00000000043F0000-0x000000000440D000-memory.dmp

Filesize
116KB

Download
memory/2240-129-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2240-181-0x0000000004F10000-0x0000000004F2D000-memory.dmp

Filesize
116KB

Download
memory/2280-135-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2312-125-0x0000000004B30000-0x0000000004B4D000-memory.dmp

Filesize
116KB

Download
memory/2384-116-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2384-175-0x0000000004910000-0x000000000492D000-memory.dmp

Filesize
116KB

Download
memory/2384-111-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2412-122-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2412-118-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2424-120-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2460-107-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2472-166-0x00000000045D0000-0x00000000045ED000-memory.dmp

Filesize
116KB

Download
memory/2472-158-0x00000000045D0000-0x00000000045ED000-memory.dmp

Filesize
116KB

Download
memory/2476-124-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2476-119-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2576-66-0x00000000046F0000-0x000000000470D000-memory.dmp

Filesize
116KB

Download
memory/2576-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2576-94-0x0000000004DF0000-0x0000000004E0D000-memory.dmp

Filesize
116KB

Download
memory/2576-98-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2576-100-0x00000000046F0000-0x000000000470D000-memory.dmp

Filesize
116KB

Download
memory/2616-112-0x00000000045A0000-0x00000000045BD000-memory.dmp

Filesize
116KB

Download
memory/2636-123-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2676-131-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2772-128-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2820-134-0x00000000045D0000-0x00000000045ED000-memory.dmp

Filesize
116KB

Download
memory/2820-186-0x0000000004B00000-0x0000000004B1D000-memory.dmp

Filesize
116KB

Download
memory/2832-171-0x0000000001E80000-0x0000000001E9D000-memory.dmp

Filesize
116KB

Download
memory/2832-67-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2832-182-0x0000000001E80000-0x0000000001E9D000-memory.dmp

Filesize
116KB

Download
memory/2832-92-0x0000000001E10000-0x0000000001E2D000-memory.dmp

Filesize
116KB

Download
memory/2832-104-0x0000000001E80000-0x0000000001E9D000-memory.dmp

Filesize
116KB

Download
memory/2832-102-0x0000000001E10000-0x0000000001E2D000-memory.dmp

Filesize
116KB

Download
memory/2872-126-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2968-190-0x0000000005160000-0x000000000517D000-memory.dmp

Filesize
116KB

Download
memory/2968-178-0x0000000005160000-0x000000000517D000-memory.dmp

Filesize
116KB

Download
memory/2976-105-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3132-156-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3160-146-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3176-138-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3176-147-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3208-144-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3244-139-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3244-148-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3472-142-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3520-143-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3556-149-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3584-145-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3676-152-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3732-150-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3772-151-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3816-153-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4020-157-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4020-154-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4048-159-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4048-155-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4112-167-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4168-160-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4168-169-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4240-164-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4240-170-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4324-176-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4336-177-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4336-168-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4452-187-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4452-173-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4476-179-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4476-191-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4564-192-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download