c801796057378ce71ed1f3340011b666928d797e46a36a5bf71a9d732fc55925

Analysis

max time kernel
18s
max time network
86s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
16-07-2024 06:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7edfe677a3c7d6c196fb61882bd07320N.exe
Size

855KB
MD5

7edfe677a3c7d6c196fb61882bd07320
SHA1

9c50a2c2ae16b3251689f57afabc7831bfb0c300
SHA256

c801796057378ce71ed1f3340011b666928d797e46a36a5bf71a9d732fc55925
SHA512

9d79a7c4a0bdf88616839c270e1417c49288137cf26466c17a2a533e49360366e8fa6e77ba021e405bd9ad311470fd232244e67d468d8e4c9d8fcb516b1b27f8
SSDEEP

12288:dXCNi9BJGabBgRpSTiS8t8w+LIn/98xkQCFMvY6e12s+ABZK03pXnP42gBxzXeVI:oWl9T38yy8eie12sLZDf4RxyV23VO1Xs

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	7edfe677a3c7d6c196fb61882bd07320N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\O:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\R:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\K:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\M:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\P:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\T:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\B:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\E:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\I:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\N:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\S:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\U:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\V:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\Y:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\A:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\H:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\J:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\X:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\Z:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\L:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\Q:	7edfe677a3c7d6c196fb61882bd07320N.exe
File opened (read-only)	\??\W:	7edfe677a3c7d6c196fb61882bd07320N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian cumshot sperm [free] glans hairy (Samantha).mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SysWOW64\FxsTmp\chinese gay several models hole castration .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SysWOW64\IME\shared\danish action bukkake [milf] .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\lesbian masturbation hotel .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob sleeping latex .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SysWOW64\FxsTmp\american gang bang gay [free] cock .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SysWOW64\IME\shared\indian nude hardcore [free] feet upskirt .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\french xxx sleeping redhair .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\System32\DriverStore\Temp\russian handjob trambling voyeur balls (Christine,Sylvia).rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lingerie hot (!) hole .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\beast [free] (Sylvia).zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files (x86)\Google\Update\Download\italian beastiality gay several models (Karin).avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\tyrkish cumshot trambling licking glans .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\lesbian uncut black hairunshaved .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\danish horse beast catfight cock (Britney,Janette).avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\italian animal blowjob lesbian glans fishy .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\bukkake catfight mistress .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\horse masturbation hole bondage .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\gay big glans sweet (Janette).avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files\Windows Journal\Templates\swedish nude lesbian voyeur circumcision .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files (x86)\Google\Temp\xxx uncut .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\swedish kicking fucking full movie .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files\DVD Maker\Shared\bukkake uncut fishy .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\sperm hidden .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american cum bukkake hidden feet young .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\beast several models feet fishy .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\black cum hardcore uncut ìï (Kathrin,Melissa).zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\trambling [free] bedroom .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\american beastiality gay [free] (Karin).rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\blowjob hot (!) (Samantha).avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\chinese sperm [bangbus] 40+ .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\cum gay hot (!) girly .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\fetish xxx girls glans .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\malaysia fucking uncut YEâPSè& .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\horse sperm [free] .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\danish gang bang bukkake sleeping glans bedroom .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\Temp\japanese porn blowjob full movie hole .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\beastiality hardcore voyeur beautyfull .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\black gang bang sperm big feet femdom (Tatjana).zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\lingerie voyeur sm .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\french xxx [bangbus] high heels .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\hardcore masturbation hole beautyfull .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\black kicking blowjob hidden mature (Britney,Melissa).avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\tyrkish fetish sperm sleeping redhair (Ashley,Sylvia).mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\hardcore licking hole 50+ (Samantha).mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\beast [free] titts .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\lesbian several models balls .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish handjob lingerie sleeping glans ejaculation (Melissa).mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\kicking lingerie [free] feet (Kathrin,Sylvia).mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\american gang bang hardcore several models boots .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\malaysia lingerie several models (Curtney).mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\bukkake public cock bedroom .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\german horse sleeping feet .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\brasilian handjob beast masturbation .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\tyrkish beastiality sperm masturbation glans granny (Sarah).zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\horse voyeur hotel (Jenna,Samantha).zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\chinese trambling [milf] .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\blowjob [free] titts .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\malaysia blowjob sleeping (Curtney).avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\indian action blowjob masturbation hole .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\norwegian bukkake big .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\italian handjob fucking lesbian leather .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\japanese beastiality sperm public wifey .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\german beast hot (!) feet bondage .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\brasilian fetish blowjob [milf] YEâPSè& .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\horse big titts stockings .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\animal fucking sleeping shoes .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\american kicking gay uncut glans .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\american handjob blowjob sleeping penetration (Kathrin,Jade).rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\indian nude horse lesbian ejaculation .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\canadian horse licking ash .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\InstallTemp\tyrkish action fucking [bangbus] bedroom (Christine,Sylvia).mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\italian handjob xxx girls mature .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\fucking hot (!) bondage (Ashley,Liz).avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\Downloaded Program Files\black action blowjob catfight swallow (Anniston,Curtney).mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\PLA\Templates\black handjob lingerie uncut feet leather (Sylvia).rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\horse sleeping lady .rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\kicking horse catfight (Samantha).mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\action bukkake full movie lady (Christine,Sylvia).mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\american horse lesbian several models .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\african lesbian lesbian .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\handjob horse [bangbus] cock femdom .avi.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\horse uncut hole circumcision .mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\tyrkish porn lesbian several models ìï (Sonja,Curtney).zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\african xxx licking pregnant .zip.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\british bukkake hidden balls .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\british horse lesbian feet (Christine,Tatjana).mpeg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\bukkake licking 50+ (Sonja,Curtney).rar.exe	7edfe677a3c7d6c196fb61882bd07320N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\canadian lingerie [free] .mpg.exe	7edfe677a3c7d6c196fb61882bd07320N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3044	7edfe677a3c7d6c196fb61882bd07320N.exe
2768	7edfe677a3c7d6c196fb61882bd07320N.exe
3044	7edfe677a3c7d6c196fb61882bd07320N.exe
1712	7edfe677a3c7d6c196fb61882bd07320N.exe
2804	7edfe677a3c7d6c196fb61882bd07320N.exe
2768	7edfe677a3c7d6c196fb61882bd07320N.exe
3044	7edfe677a3c7d6c196fb61882bd07320N.exe
1772	7edfe677a3c7d6c196fb61882bd07320N.exe
2272	7edfe677a3c7d6c196fb61882bd07320N.exe
2024	7edfe677a3c7d6c196fb61882bd07320N.exe
1712	7edfe677a3c7d6c196fb61882bd07320N.exe
276	7edfe677a3c7d6c196fb61882bd07320N.exe
2768	7edfe677a3c7d6c196fb61882bd07320N.exe
2804	7edfe677a3c7d6c196fb61882bd07320N.exe
3044	7edfe677a3c7d6c196fb61882bd07320N.exe
1476	7edfe677a3c7d6c196fb61882bd07320N.exe
2044	7edfe677a3c7d6c196fb61882bd07320N.exe
572	7edfe677a3c7d6c196fb61882bd07320N.exe
1880	7edfe677a3c7d6c196fb61882bd07320N.exe
1772	7edfe677a3c7d6c196fb61882bd07320N.exe
2272	7edfe677a3c7d6c196fb61882bd07320N.exe
2876	7edfe677a3c7d6c196fb61882bd07320N.exe
2896	7edfe677a3c7d6c196fb61882bd07320N.exe
2024	7edfe677a3c7d6c196fb61882bd07320N.exe
1712	7edfe677a3c7d6c196fb61882bd07320N.exe
1120	7edfe677a3c7d6c196fb61882bd07320N.exe
276	7edfe677a3c7d6c196fb61882bd07320N.exe
1168	7edfe677a3c7d6c196fb61882bd07320N.exe
2768	7edfe677a3c7d6c196fb61882bd07320N.exe
2804	7edfe677a3c7d6c196fb61882bd07320N.exe
3044	7edfe677a3c7d6c196fb61882bd07320N.exe
2628	7edfe677a3c7d6c196fb61882bd07320N.exe
1160	7edfe677a3c7d6c196fb61882bd07320N.exe
852	7edfe677a3c7d6c196fb61882bd07320N.exe
720	7edfe677a3c7d6c196fb61882bd07320N.exe
2044	7edfe677a3c7d6c196fb61882bd07320N.exe
1476	7edfe677a3c7d6c196fb61882bd07320N.exe
572	7edfe677a3c7d6c196fb61882bd07320N.exe
1772	7edfe677a3c7d6c196fb61882bd07320N.exe
268	7edfe677a3c7d6c196fb61882bd07320N.exe
2396	7edfe677a3c7d6c196fb61882bd07320N.exe
1880	7edfe677a3c7d6c196fb61882bd07320N.exe
1552	7edfe677a3c7d6c196fb61882bd07320N.exe
1632	7edfe677a3c7d6c196fb61882bd07320N.exe
1632	7edfe677a3c7d6c196fb61882bd07320N.exe
2272	7edfe677a3c7d6c196fb61882bd07320N.exe
2272	7edfe677a3c7d6c196fb61882bd07320N.exe
1716	7edfe677a3c7d6c196fb61882bd07320N.exe
1716	7edfe677a3c7d6c196fb61882bd07320N.exe
2404	7edfe677a3c7d6c196fb61882bd07320N.exe
2404	7edfe677a3c7d6c196fb61882bd07320N.exe
2876	7edfe677a3c7d6c196fb61882bd07320N.exe
2876	7edfe677a3c7d6c196fb61882bd07320N.exe
1744	7edfe677a3c7d6c196fb61882bd07320N.exe
1744	7edfe677a3c7d6c196fb61882bd07320N.exe
1760	7edfe677a3c7d6c196fb61882bd07320N.exe
1760	7edfe677a3c7d6c196fb61882bd07320N.exe
276	7edfe677a3c7d6c196fb61882bd07320N.exe
276	7edfe677a3c7d6c196fb61882bd07320N.exe
276	7edfe677a3c7d6c196fb61882bd07320N.exe
2768	7edfe677a3c7d6c196fb61882bd07320N.exe
2768	7edfe677a3c7d6c196fb61882bd07320N.exe
2768	7edfe677a3c7d6c196fb61882bd07320N.exe
2928	7edfe677a3c7d6c196fb61882bd07320N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2768	3044	7edfe677a3c7d6c196fb61882bd07320N.exe	30
PID 3044 wrote to memory of 2768	3044	7edfe677a3c7d6c196fb61882bd07320N.exe	30
PID 3044 wrote to memory of 2768	3044	7edfe677a3c7d6c196fb61882bd07320N.exe	30
PID 3044 wrote to memory of 2768	3044	7edfe677a3c7d6c196fb61882bd07320N.exe	30
PID 2768 wrote to memory of 1712	2768	7edfe677a3c7d6c196fb61882bd07320N.exe	31
PID 2768 wrote to memory of 1712	2768	7edfe677a3c7d6c196fb61882bd07320N.exe	31
PID 2768 wrote to memory of 1712	2768	7edfe677a3c7d6c196fb61882bd07320N.exe	31
PID 2768 wrote to memory of 1712	2768	7edfe677a3c7d6c196fb61882bd07320N.exe	31
PID 3044 wrote to memory of 2804	3044	7edfe677a3c7d6c196fb61882bd07320N.exe	32
PID 3044 wrote to memory of 2804	3044	7edfe677a3c7d6c196fb61882bd07320N.exe	32
PID 3044 wrote to memory of 2804	3044	7edfe677a3c7d6c196fb61882bd07320N.exe	32
PID 3044 wrote to memory of 2804	3044	7edfe677a3c7d6c196fb61882bd07320N.exe	32
PID 1712 wrote to memory of 1772	1712	7edfe677a3c7d6c196fb61882bd07320N.exe	33
PID 1712 wrote to memory of 1772	1712	7edfe677a3c7d6c196fb61882bd07320N.exe	33
PID 1712 wrote to memory of 1772	1712	7edfe677a3c7d6c196fb61882bd07320N.exe	33
PID 1712 wrote to memory of 1772	1712	7edfe677a3c7d6c196fb61882bd07320N.exe	33
PID 2768 wrote to memory of 2272	2768	7edfe677a3c7d6c196fb61882bd07320N.exe	34
PID 2768 wrote to memory of 2272	2768	7edfe677a3c7d6c196fb61882bd07320N.exe	34
PID 2768 wrote to memory of 2272	2768	7edfe677a3c7d6c196fb61882bd07320N.exe	34
PID 2768 wrote to memory of 2272	2768	7edfe677a3c7d6c196fb61882bd07320N.exe	34
PID 2804 wrote to memory of 2024	2804	7edfe677a3c7d6c196fb61882bd07320N.exe	35
PID 2804 wrote to memory of 2024	2804	7edfe677a3c7d6c196fb61882bd07320N.exe	35
PID 2804 wrote to memory of 2024	2804	7edfe677a3c7d6c196fb61882bd07320N.exe	35
PID 2804 wrote to memory of 2024	2804	7edfe677a3c7d6c196fb61882bd07320N.exe	35
PID 3044 wrote to memory of 276	3044	7edfe677a3c7d6c196fb61882bd07320N.exe	36
PID 3044 wrote to memory of 276	3044	7edfe677a3c7d6c196fb61882bd07320N.exe	36
PID 3044 wrote to memory of 276	3044	7edfe677a3c7d6c196fb61882bd07320N.exe	36
PID 3044 wrote to memory of 276	3044	7edfe677a3c7d6c196fb61882bd07320N.exe	36
PID 1772 wrote to memory of 1476	1772	7edfe677a3c7d6c196fb61882bd07320N.exe	37
PID 1772 wrote to memory of 1476	1772	7edfe677a3c7d6c196fb61882bd07320N.exe	37
PID 1772 wrote to memory of 1476	1772	7edfe677a3c7d6c196fb61882bd07320N.exe	37
PID 1772 wrote to memory of 1476	1772	7edfe677a3c7d6c196fb61882bd07320N.exe	37
PID 2272 wrote to memory of 2044	2272	7edfe677a3c7d6c196fb61882bd07320N.exe	38
PID 2272 wrote to memory of 2044	2272	7edfe677a3c7d6c196fb61882bd07320N.exe	38
PID 2272 wrote to memory of 2044	2272	7edfe677a3c7d6c196fb61882bd07320N.exe	38
PID 2272 wrote to memory of 2044	2272	7edfe677a3c7d6c196fb61882bd07320N.exe	38
PID 2024 wrote to memory of 1880	2024	7edfe677a3c7d6c196fb61882bd07320N.exe	39
PID 2024 wrote to memory of 1880	2024	7edfe677a3c7d6c196fb61882bd07320N.exe	39
PID 2024 wrote to memory of 1880	2024	7edfe677a3c7d6c196fb61882bd07320N.exe	39
PID 2024 wrote to memory of 1880	2024	7edfe677a3c7d6c196fb61882bd07320N.exe	39
PID 1712 wrote to memory of 572	1712	7edfe677a3c7d6c196fb61882bd07320N.exe	40
PID 1712 wrote to memory of 572	1712	7edfe677a3c7d6c196fb61882bd07320N.exe	40
PID 1712 wrote to memory of 572	1712	7edfe677a3c7d6c196fb61882bd07320N.exe	40
PID 1712 wrote to memory of 572	1712	7edfe677a3c7d6c196fb61882bd07320N.exe	40
PID 276 wrote to memory of 2896	276	7edfe677a3c7d6c196fb61882bd07320N.exe	41
PID 276 wrote to memory of 2896	276	7edfe677a3c7d6c196fb61882bd07320N.exe	41
PID 276 wrote to memory of 2896	276	7edfe677a3c7d6c196fb61882bd07320N.exe	41
PID 276 wrote to memory of 2896	276	7edfe677a3c7d6c196fb61882bd07320N.exe	41
PID 2768 wrote to memory of 2876	2768	7edfe677a3c7d6c196fb61882bd07320N.exe	42
PID 2768 wrote to memory of 2876	2768	7edfe677a3c7d6c196fb61882bd07320N.exe	42
PID 2768 wrote to memory of 2876	2768	7edfe677a3c7d6c196fb61882bd07320N.exe	42
PID 2768 wrote to memory of 2876	2768	7edfe677a3c7d6c196fb61882bd07320N.exe	42
PID 2804 wrote to memory of 1120	2804	7edfe677a3c7d6c196fb61882bd07320N.exe	43
PID 2804 wrote to memory of 1120	2804	7edfe677a3c7d6c196fb61882bd07320N.exe	43
PID 2804 wrote to memory of 1120	2804	7edfe677a3c7d6c196fb61882bd07320N.exe	43
PID 2804 wrote to memory of 1120	2804	7edfe677a3c7d6c196fb61882bd07320N.exe	43
PID 3044 wrote to memory of 1168	3044	7edfe677a3c7d6c196fb61882bd07320N.exe	44
PID 3044 wrote to memory of 1168	3044	7edfe677a3c7d6c196fb61882bd07320N.exe	44
PID 3044 wrote to memory of 1168	3044	7edfe677a3c7d6c196fb61882bd07320N.exe	44
PID 3044 wrote to memory of 1168	3044	7edfe677a3c7d6c196fb61882bd07320N.exe	44
PID 1476 wrote to memory of 2628	1476	7edfe677a3c7d6c196fb61882bd07320N.exe	45
PID 1476 wrote to memory of 2628	1476	7edfe677a3c7d6c196fb61882bd07320N.exe	45
PID 1476 wrote to memory of 2628	1476	7edfe677a3c7d6c196fb61882bd07320N.exe	45
PID 1476 wrote to memory of 2628	1476	7edfe677a3c7d6c196fb61882bd07320N.exe	45

C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
"C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        9⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        10⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        10⤵
        
        PID:21304
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        9⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        10⤵
        
        PID:27248
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        9⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        9⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        9⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        9⤵
        
        PID:24260
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:20988
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        9⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        9⤵
        
        PID:16128
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        9⤵
        
        PID:24492
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:21724
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:27200
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:23908
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:21012
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        9⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        9⤵
        
        PID:24236
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:21176
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:21740
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:21700
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:23916
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24688
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:21152
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:720
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:21208
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:21716
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:21608
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:21216
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24600
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:20704
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24100
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:21192
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24484
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24608
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:20628
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15824
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24616
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24728
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24500
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:572
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:27232
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:24132
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24028
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:21628
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24404
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:21124
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24824
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:27256
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24760
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:21748
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24436
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24316
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24680
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:21004
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:21732
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24656
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:20516
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24244
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24736
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15500
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24300
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14684
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24640
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:20696
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:20748
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:9776
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15492
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:24388
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        9⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        9⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        9⤵
        
        PID:24712
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:21288
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:15416
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:24348
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24816
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:24072
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24800
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:14460
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:27224
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:21676
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:24776
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24252
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:27216
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24120
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14432
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24420
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:13392
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:21232
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:21652
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:21264
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14544
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:20720
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:21272
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:20956
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:27168
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:20712
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:20972
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:20964
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:8312
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:14692
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:24664
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:21616
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:20740
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:20508
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24332
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:11200
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:21668
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14772
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24108
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:23656
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:21644
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:8868
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:14752
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:27240
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9128
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15284
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24268
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:20980
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11424
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:21636
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:20568
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:9552
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15484
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:24284
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14400
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:6908
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:11120
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:21144
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:1204
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:11104
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:21684
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:20484
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:9300
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:15320
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:24808
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2804
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        8⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24452
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24648
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24848
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:21200
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:20764
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:16076
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24428
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24460
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9720
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:21132
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:20500
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24088
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24632
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:27208
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:24292
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24696
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:10968
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:21280
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24768
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24624
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:9248
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14780
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:25172
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:12212
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:21296
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:21340
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:9528
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15704
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:24412
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1120
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:15872
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:13004
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:20756
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:20728
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:15904
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24508
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24476
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:13444
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:22112
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:10400
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:24036
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14624
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11440
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:21828
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:21160
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:19020
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:21320
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15024
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24380
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:7160
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:9748
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15516
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:24356
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:11416
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:21168
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:5876
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:9276
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:14392
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:23416
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:276
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        7⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:10792
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:20996
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24720
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:20580
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24784
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:9192
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24752
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11408
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:20524
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14340
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24584
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11392
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:21660
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:10372
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:21248
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:24704
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:20780
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:21692
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:20492
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11484
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:21184
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:14128
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:24832
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24444
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:10872
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:21708
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:10784
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:21332
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:11240
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:21312
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:8980
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:14348
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:4760
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1168
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:680
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        6⤵
        
        PID:27192
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24968
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:11692
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15468
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24276
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:20556
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15292
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:24744
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:24308
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:7148
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:9760
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15508
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:24340
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:7956
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:14168
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:24324
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:6196
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:9688
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:15780
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:24672
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
        5⤵
        
        PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:6304
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:9232
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:14384
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:24856
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:12228
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15832
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:24840
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:5760
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:9284
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:15312
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:24792
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  PID:3320
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:15880
  - - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
      "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
      4⤵
      PID:24468
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:6516
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:9768
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:15476
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:24396
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  PID:4276
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:8064
- - C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
    "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
    3⤵
    PID:14572
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  PID:6472
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  PID:10256
- C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe
  "C:\Users\Admin\AppData\Local\Temp\7edfe677a3c7d6c196fb61882bd07320N.exe"
  2⤵
  PID:21224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\italian animal blowjob lesbian glans fishy .mpeg.exe

Filesize
1.9MB

MD5
dc671178552ccbc9da33b8b952d56b1a

SHA1
08da17d79f54dc67bd1213a520d07267891c58d2

SHA256
55afe1c66d5b4ac856346a81953fa072ee6d5a18e8a82105b1fbab25f8ae2389

SHA512
69365af17407621145bec604900dbd189679cd2f156584497e079e53601ea74625a5144698a78c22cc7572a8a96220171c22b08295391e72e2b22f91fbcc9d18

Download Submit
C:\debug.txt

Filesize
183B

MD5
be9262a02ac00fe549683af5cac9ad38

SHA1
494fb40031424a4c8115b21e9cbe49e4b0a9eb8f

SHA256
5c6cd72a13cbbbd59f1c05cbfbaf36d30c3ed44f441b5d09eb24ecd6d168bf95

SHA512
6dc0289e9c4e3103ce46d1e9d6b75ceb9cfb2e05f2c26f4cc668679c444fae1c911667e562b0b732a24b5af8006ab34dcaf69412d8e3d68dd787385402e56ae3

Download Submit
memory/268-112-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/268-126-0x0000000001E90000-0x0000000001EBB000-memory.dmp

Filesize
172KB

Download
memory/276-97-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/572-122-0x00000000050A0000-0x00000000050CB000-memory.dmp

Filesize
172KB

Download
memory/572-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/572-164-0x00000000050A0000-0x00000000050CB000-memory.dmp

Filesize
172KB

Download
memory/720-162-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/720-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/852-163-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/852-111-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1044-132-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1052-138-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1120-105-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1120-115-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1120-151-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1160-158-0x00000000045F0000-0x000000000461B000-memory.dmp

Filesize
172KB

Download
memory/1160-118-0x00000000045F0000-0x000000000461B000-memory.dmp

Filesize
172KB

Download
memory/1160-109-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1168-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1248-154-0x0000000001F90000-0x0000000001FBB000-memory.dmp

Filesize
172KB

Download
memory/1248-117-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1476-160-0x0000000004A60000-0x0000000004A8B000-memory.dmp

Filesize
172KB

Download
memory/1476-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1476-108-0x0000000004A50000-0x0000000004A7B000-memory.dmp

Filesize
172KB

Download
memory/1476-119-0x0000000004A60000-0x0000000004A8B000-memory.dmp

Filesize
172KB

Download
memory/1476-99-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1552-113-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1552-127-0x00000000044B0000-0x00000000044DB000-memory.dmp

Filesize
172KB

Download
memory/1620-161-0x0000000004BE0000-0x0000000004C0B000-memory.dmp

Filesize
172KB

Download
memory/1620-121-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1632-130-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/1712-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1712-141-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/1712-88-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1712-172-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/1712-91-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/1716-134-0x0000000004440000-0x000000000446B000-memory.dmp

Filesize
172KB

Download
memory/1720-120-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1740-137-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1760-135-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/1772-98-0x0000000004F50000-0x0000000004F7B000-memory.dmp

Filesize
172KB

Download
memory/1772-92-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1772-173-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1772-177-0x0000000004F50000-0x0000000004F7B000-memory.dmp

Filesize
172KB

Download
memory/1880-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1880-123-0x0000000002100000-0x000000000212B000-memory.dmp

Filesize
172KB

Download
memory/2024-96-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2024-140-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2024-176-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2024-114-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2044-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2044-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2044-159-0x0000000004CF0000-0x0000000004D1B000-memory.dmp

Filesize
172KB

Download
memory/2076-136-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2176-147-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2272-128-0x0000000004F50000-0x0000000004F7B000-memory.dmp

Filesize
172KB

Download
memory/2272-179-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/2272-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2272-94-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2272-100-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/2276-152-0x0000000004620000-0x000000000464B000-memory.dmp

Filesize
172KB

Download
memory/2348-174-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2396-124-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2628-116-0x00000000050B0000-0x00000000050DB000-memory.dmp

Filesize
172KB

Download
memory/2628-156-0x00000000050B0000-0x00000000050DB000-memory.dmp

Filesize
172KB

Download
memory/2764-131-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2768-93-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2768-65-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2768-87-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2768-168-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2768-167-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2804-95-0x0000000000830000-0x000000000085B000-memory.dmp

Filesize
172KB

Download
memory/2804-144-0x0000000004610000-0x000000000463B000-memory.dmp

Filesize
172KB

Download
memory/2804-171-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2804-90-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2808-125-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2820-129-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2876-133-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2876-104-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2984-139-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3044-149-0x00000000051B0000-0x00000000051DB000-memory.dmp

Filesize
172KB

Download
memory/3044-89-0x00000000051A0000-0x00000000051CB000-memory.dmp

Filesize
172KB

Download
memory/3044-166-0x00000000051A0000-0x00000000051CB000-memory.dmp

Filesize
172KB

Download
memory/3044-165-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3044-64-0x00000000051A0000-0x00000000051CB000-memory.dmp

Filesize
172KB

Download
memory/3044-170-0x00000000051A0000-0x00000000051CB000-memory.dmp

Filesize
172KB

Download
memory/3044-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3108-142-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3124-148-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3132-143-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3144-150-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3188-145-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3228-146-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3456-153-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3516-155-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3552-157-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download