98d0a44e1b276447171884d175d335d911564fa5fd0c93f291a0295890b0cf30

Analysis

max time kernel
22s
max time network
87s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 06:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

84e96d6da834fdf47808525ae5225380N.exe
Size

575KB
MD5

84e96d6da834fdf47808525ae5225380
SHA1

91f6829733d04d12e53962c63ac45fdc5873221e
SHA256

98d0a44e1b276447171884d175d335d911564fa5fd0c93f291a0295890b0cf30
SHA512

5c6f89363bcf3d0bbb54130a849c089f075147a61437edee30163ea14692a8b819de53614b4888eb1e28e1d20c5df661fffb507ea41fa37deabcca91372a9d65
SSDEEP

12288:zXCNi9B+qefGz+1POJkpD85FvrsyONQG+tjWDL3GQgn6L:2W+bfGi1PO8DuFvnk/+tH6

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	84e96d6da834fdf47808525ae5225380N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\P:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\T:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\U:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\X:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\B:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\G:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\S:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\E:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\J:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\K:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\O:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\Q:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\R:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\V:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\W:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\I:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\Y:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\H:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\M:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\N:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\Z:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\A:	84e96d6da834fdf47808525ae5225380N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian sperm several models .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SysWOW64\FxsTmp\norwegian fucking lesbian catfight legs .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SysWOW64\IME\shared\action lingerie several models glans redhair .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\System32\DriverStore\Temp\sperm fucking several models bedroom .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\gang bang lesbian legs .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian kicking porn hot (!) mistress .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SysWOW64\IME\shared\black bukkake lesbian uncut (Kathrin,Sonja).avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\handjob [bangbus] YEâPSè& (Kathrin).zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob lesbian (Sonja,Kathrin).mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\asian animal trambling hidden sweet (Gina,Liz).mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\fucking bukkake big (Sylvia,Sonja).mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\nude fetish sleeping girly .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\hardcore hot (!) 40+ .rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files\DVD Maker\Shared\fetish hot (!) granny .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\beast fucking sleeping 50+ .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\chinese animal girls titts (Liz,Sonja).mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\malaysia hardcore xxx [milf] titts .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files (x86)\Google\Temp\xxx catfight .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files\Windows Journal\Templates\gay big glans young .rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files (x86)\Google\Update\Download\tyrkish nude xxx sleeping glans .mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\cum [free] glans circumcision .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\italian handjob sperm lesbian hole upskirt .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\japanese lingerie trambling sleeping ash (Sandy,Melissa).avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\brasilian xxx xxx [bangbus] penetration .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian lingerie several models .rar.exe	84e96d6da834fdf47808525ae5225380N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\chinese cumshot girls ash .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\indian horse lesbian (Christine,Jade).zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\hardcore horse lesbian shower .mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\lesbian gay catfight YEâPSè& (Liz).zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\german lingerie voyeur bedroom .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\nude fucking [milf] blondie .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\norwegian handjob porn several models (Janette,Sandy).rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\swedish gay kicking uncut swallow .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\swedish kicking [free] vagina YEâPSè& .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\sperm horse hot (!) .rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\british horse lesbian catfight hole (Ashley).mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\lingerie fetish sleeping .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\xxx [bangbus] titts YEâPSè& .mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\sperm catfight femdom (Christine,Karin).zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\black handjob fetish big (Sylvia).zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\kicking uncut titts penetration .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\xxx cumshot uncut .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\japanese lesbian [bangbus] .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\japanese beast horse sleeping .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\malaysia beast [bangbus] (Karin,Ashley).rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\spanish lesbian [free] .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\tyrkish gay action [milf] leather (Sarah,Sandy).zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\nude hardcore catfight bedroom .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\lingerie lingerie voyeur .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\brasilian beast blowjob girls .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\brasilian gang bang cum [bangbus] legs high heels .mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\brasilian fucking girls (Ashley,Janette).zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\cum sleeping shower .rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\mssrv.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\beastiality public .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\russian nude full movie mature (Jade).rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\italian trambling hot (!) YEâPSè& .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\porn beast big boobs swallow .rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\gang bang porn [milf] (Sylvia).avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\beast action hidden traffic .rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\norwegian trambling beastiality voyeur castration (Anniston).mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\asian cumshot hidden granny .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\french lesbian fetish masturbation .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\kicking uncut (Tatjana,Kathrin).avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\spanish nude [bangbus] (Gina,Janette).mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\japanese bukkake several models (Tatjana).avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\russian kicking full movie castration .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\canadian xxx blowjob catfight sm (Jade,Jade).mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\InstallTemp\black cum [bangbus] mistress (Janette,Janette).rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\Temp\chinese cumshot blowjob [milf] lady .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\african fetish gang bang hot (!) hole shoes (Kathrin,Sandy).avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\japanese blowjob catfight .rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\french porn big .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\french cumshot masturbation (Sonja,Janette).zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\gang bang uncut vagina fishy (Sonja,Curtney).zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\assembly\temp\norwegian kicking blowjob [bangbus] ash gorgeoushorny .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\beast lesbian [free] (Sarah).avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\sperm gay hot (!) hotel .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\swedish horse lingerie licking (Sarah).mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\danish lingerie [milf] .mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\gang bang [milf] wifey .mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\trambling masturbation (Karin).avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\swedish kicking hardcore big cock femdom .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\handjob hot (!) feet ìï (Samantha).rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\blowjob cum public girly .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\spanish porn fucking [bangbus] legs ìï .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\indian trambling licking .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\african sperm fetish several models sweet .mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\PLA\Templates\norwegian bukkake kicking [bangbus] (Jenna,Sonja).rar.exe	84e96d6da834fdf47808525ae5225380N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1620	84e96d6da834fdf47808525ae5225380N.exe
2680	84e96d6da834fdf47808525ae5225380N.exe
1620	84e96d6da834fdf47808525ae5225380N.exe
2108	84e96d6da834fdf47808525ae5225380N.exe
2516	84e96d6da834fdf47808525ae5225380N.exe
2680	84e96d6da834fdf47808525ae5225380N.exe
1620	84e96d6da834fdf47808525ae5225380N.exe
1640	84e96d6da834fdf47808525ae5225380N.exe
684	84e96d6da834fdf47808525ae5225380N.exe
808	84e96d6da834fdf47808525ae5225380N.exe
2108	84e96d6da834fdf47808525ae5225380N.exe
3008	84e96d6da834fdf47808525ae5225380N.exe
2516	84e96d6da834fdf47808525ae5225380N.exe
2680	84e96d6da834fdf47808525ae5225380N.exe
1620	84e96d6da834fdf47808525ae5225380N.exe
3044	84e96d6da834fdf47808525ae5225380N.exe
1580	84e96d6da834fdf47808525ae5225380N.exe
2992	84e96d6da834fdf47808525ae5225380N.exe
2888	84e96d6da834fdf47808525ae5225380N.exe
1640	84e96d6da834fdf47808525ae5225380N.exe
2240	84e96d6da834fdf47808525ae5225380N.exe
2140	84e96d6da834fdf47808525ae5225380N.exe
1752	84e96d6da834fdf47808525ae5225380N.exe
2108	84e96d6da834fdf47808525ae5225380N.exe
684	84e96d6da834fdf47808525ae5225380N.exe
1840	84e96d6da834fdf47808525ae5225380N.exe
2516	84e96d6da834fdf47808525ae5225380N.exe
808	84e96d6da834fdf47808525ae5225380N.exe
3008	84e96d6da834fdf47808525ae5225380N.exe
2680	84e96d6da834fdf47808525ae5225380N.exe
1620	84e96d6da834fdf47808525ae5225380N.exe
928	84e96d6da834fdf47808525ae5225380N.exe
3044	84e96d6da834fdf47808525ae5225380N.exe
2312	84e96d6da834fdf47808525ae5225380N.exe
2440	84e96d6da834fdf47808525ae5225380N.exe
1968	84e96d6da834fdf47808525ae5225380N.exe
1580	84e96d6da834fdf47808525ae5225380N.exe
2208	84e96d6da834fdf47808525ae5225380N.exe
1744	84e96d6da834fdf47808525ae5225380N.exe
1640	84e96d6da834fdf47808525ae5225380N.exe
2204	84e96d6da834fdf47808525ae5225380N.exe
2888	84e96d6da834fdf47808525ae5225380N.exe
2992	84e96d6da834fdf47808525ae5225380N.exe
2140	84e96d6da834fdf47808525ae5225380N.exe
2108	84e96d6da834fdf47808525ae5225380N.exe
2108	84e96d6da834fdf47808525ae5225380N.exe
2516	84e96d6da834fdf47808525ae5225380N.exe
2516	84e96d6da834fdf47808525ae5225380N.exe
684	84e96d6da834fdf47808525ae5225380N.exe
684	84e96d6da834fdf47808525ae5225380N.exe
1192	84e96d6da834fdf47808525ae5225380N.exe
1192	84e96d6da834fdf47808525ae5225380N.exe
2240	84e96d6da834fdf47808525ae5225380N.exe
2240	84e96d6da834fdf47808525ae5225380N.exe
808	84e96d6da834fdf47808525ae5225380N.exe
808	84e96d6da834fdf47808525ae5225380N.exe
2132	84e96d6da834fdf47808525ae5225380N.exe
2132	84e96d6da834fdf47808525ae5225380N.exe
1752	84e96d6da834fdf47808525ae5225380N.exe
2892	84e96d6da834fdf47808525ae5225380N.exe
1752	84e96d6da834fdf47808525ae5225380N.exe
2892	84e96d6da834fdf47808525ae5225380N.exe
1840	84e96d6da834fdf47808525ae5225380N.exe
1840	84e96d6da834fdf47808525ae5225380N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 2680	1620	84e96d6da834fdf47808525ae5225380N.exe	30
PID 1620 wrote to memory of 2680	1620	84e96d6da834fdf47808525ae5225380N.exe	30
PID 1620 wrote to memory of 2680	1620	84e96d6da834fdf47808525ae5225380N.exe	30
PID 1620 wrote to memory of 2680	1620	84e96d6da834fdf47808525ae5225380N.exe	30
PID 2680 wrote to memory of 2108	2680	84e96d6da834fdf47808525ae5225380N.exe	31
PID 2680 wrote to memory of 2108	2680	84e96d6da834fdf47808525ae5225380N.exe	31
PID 2680 wrote to memory of 2108	2680	84e96d6da834fdf47808525ae5225380N.exe	31
PID 2680 wrote to memory of 2108	2680	84e96d6da834fdf47808525ae5225380N.exe	31
PID 1620 wrote to memory of 2516	1620	84e96d6da834fdf47808525ae5225380N.exe	32
PID 1620 wrote to memory of 2516	1620	84e96d6da834fdf47808525ae5225380N.exe	32
PID 1620 wrote to memory of 2516	1620	84e96d6da834fdf47808525ae5225380N.exe	32
PID 1620 wrote to memory of 2516	1620	84e96d6da834fdf47808525ae5225380N.exe	32
PID 2108 wrote to memory of 1640	2108	84e96d6da834fdf47808525ae5225380N.exe	33
PID 2108 wrote to memory of 1640	2108	84e96d6da834fdf47808525ae5225380N.exe	33
PID 2108 wrote to memory of 1640	2108	84e96d6da834fdf47808525ae5225380N.exe	33
PID 2108 wrote to memory of 1640	2108	84e96d6da834fdf47808525ae5225380N.exe	33
PID 2516 wrote to memory of 684	2516	84e96d6da834fdf47808525ae5225380N.exe	34
PID 2516 wrote to memory of 684	2516	84e96d6da834fdf47808525ae5225380N.exe	34
PID 2516 wrote to memory of 684	2516	84e96d6da834fdf47808525ae5225380N.exe	34
PID 2516 wrote to memory of 684	2516	84e96d6da834fdf47808525ae5225380N.exe	34
PID 2680 wrote to memory of 808	2680	84e96d6da834fdf47808525ae5225380N.exe	35
PID 2680 wrote to memory of 808	2680	84e96d6da834fdf47808525ae5225380N.exe	35
PID 2680 wrote to memory of 808	2680	84e96d6da834fdf47808525ae5225380N.exe	35
PID 2680 wrote to memory of 808	2680	84e96d6da834fdf47808525ae5225380N.exe	35
PID 1620 wrote to memory of 3008	1620	84e96d6da834fdf47808525ae5225380N.exe	36
PID 1620 wrote to memory of 3008	1620	84e96d6da834fdf47808525ae5225380N.exe	36
PID 1620 wrote to memory of 3008	1620	84e96d6da834fdf47808525ae5225380N.exe	36
PID 1620 wrote to memory of 3008	1620	84e96d6da834fdf47808525ae5225380N.exe	36
PID 1640 wrote to memory of 3044	1640	84e96d6da834fdf47808525ae5225380N.exe	37
PID 1640 wrote to memory of 3044	1640	84e96d6da834fdf47808525ae5225380N.exe	37
PID 1640 wrote to memory of 3044	1640	84e96d6da834fdf47808525ae5225380N.exe	37
PID 1640 wrote to memory of 3044	1640	84e96d6da834fdf47808525ae5225380N.exe	37
PID 2108 wrote to memory of 1580	2108	84e96d6da834fdf47808525ae5225380N.exe	38
PID 2108 wrote to memory of 1580	2108	84e96d6da834fdf47808525ae5225380N.exe	38
PID 2108 wrote to memory of 1580	2108	84e96d6da834fdf47808525ae5225380N.exe	38
PID 2108 wrote to memory of 1580	2108	84e96d6da834fdf47808525ae5225380N.exe	38
PID 684 wrote to memory of 2992	684	84e96d6da834fdf47808525ae5225380N.exe	39
PID 684 wrote to memory of 2992	684	84e96d6da834fdf47808525ae5225380N.exe	39
PID 684 wrote to memory of 2992	684	84e96d6da834fdf47808525ae5225380N.exe	39
PID 684 wrote to memory of 2992	684	84e96d6da834fdf47808525ae5225380N.exe	39
PID 808 wrote to memory of 2888	808	84e96d6da834fdf47808525ae5225380N.exe	40
PID 808 wrote to memory of 2888	808	84e96d6da834fdf47808525ae5225380N.exe	40
PID 808 wrote to memory of 2888	808	84e96d6da834fdf47808525ae5225380N.exe	40
PID 808 wrote to memory of 2888	808	84e96d6da834fdf47808525ae5225380N.exe	40
PID 3008 wrote to memory of 2240	3008	84e96d6da834fdf47808525ae5225380N.exe	41
PID 3008 wrote to memory of 2240	3008	84e96d6da834fdf47808525ae5225380N.exe	41
PID 3008 wrote to memory of 2240	3008	84e96d6da834fdf47808525ae5225380N.exe	41
PID 3008 wrote to memory of 2240	3008	84e96d6da834fdf47808525ae5225380N.exe	41
PID 2516 wrote to memory of 2140	2516	84e96d6da834fdf47808525ae5225380N.exe	42
PID 2516 wrote to memory of 2140	2516	84e96d6da834fdf47808525ae5225380N.exe	42
PID 2516 wrote to memory of 2140	2516	84e96d6da834fdf47808525ae5225380N.exe	42
PID 2516 wrote to memory of 2140	2516	84e96d6da834fdf47808525ae5225380N.exe	42
PID 2680 wrote to memory of 1752	2680	84e96d6da834fdf47808525ae5225380N.exe	43
PID 2680 wrote to memory of 1752	2680	84e96d6da834fdf47808525ae5225380N.exe	43
PID 2680 wrote to memory of 1752	2680	84e96d6da834fdf47808525ae5225380N.exe	43
PID 2680 wrote to memory of 1752	2680	84e96d6da834fdf47808525ae5225380N.exe	43
PID 1620 wrote to memory of 1840	1620	84e96d6da834fdf47808525ae5225380N.exe	44
PID 1620 wrote to memory of 1840	1620	84e96d6da834fdf47808525ae5225380N.exe	44
PID 1620 wrote to memory of 1840	1620	84e96d6da834fdf47808525ae5225380N.exe	44
PID 1620 wrote to memory of 1840	1620	84e96d6da834fdf47808525ae5225380N.exe	44
PID 3044 wrote to memory of 928	3044	84e96d6da834fdf47808525ae5225380N.exe	45
PID 3044 wrote to memory of 928	3044	84e96d6da834fdf47808525ae5225380N.exe	45
PID 3044 wrote to memory of 928	3044	84e96d6da834fdf47808525ae5225380N.exe	45
PID 3044 wrote to memory of 928	3044	84e96d6da834fdf47808525ae5225380N.exe	45

C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
"C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        10⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        10⤵
        
        PID:16584
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        10⤵
        
        PID:21480
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:22824
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:23388
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:16320
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:21556
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:22164
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:17128
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:21596
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:22912
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:16992
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:16456
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15664
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:16564
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:21216
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15916
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:15852
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:22904
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:17088
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15908
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:21444
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16920
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:16764
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:16804
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:23092
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:17192
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:17096
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:23152
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:14944
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:19308
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:22632
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:21656
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15612
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:16780
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:21548
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16872
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:18824
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15956
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:23100
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16428
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15516
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16888
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:17480
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:23184
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15104
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15884
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15564
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16336
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:17040
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10480
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16812
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15708
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:17032
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15468
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:14992
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9548
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15364
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:17064
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:23076
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15048
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:808
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:15320
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:17000
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:17024
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15264
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:23176
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15352
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:16904
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:21436
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9564
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15820
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15064
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:17072
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:22896
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15096
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:17048
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:23168
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:23200
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15476
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15656
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:10396
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:17200
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:23056
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15788
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16360
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:17212
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:11228
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16280
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:23160
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15208
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:17136
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15272
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16476
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:23192
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15128
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16880
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15200
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:21572
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16936
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:21564
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16960
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:21416
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15692
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15892
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:21580
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16344
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15396
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:11060
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15900
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16328
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:23216
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:12988
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15412
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:23128
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:10760
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:16912
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2516
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:684
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:21664
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:15756
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:21604
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15828
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:22040
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15648
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:21516
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15836
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:21612
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:17160
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9376
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:17104
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:23064
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15184
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:16484
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10356
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:17244
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:18364
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8644
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15540
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:22920
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15860
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9604
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16756
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15844
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:12172
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:484
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:21532
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15500
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:21468
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16556
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15624
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16820
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:22624
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8932
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16296
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:18516
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16256
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15780
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:22888
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:17172
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:17756
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:8032
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15492
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16984
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:21588
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16308
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15716
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:10388
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:18264
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:14928
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16976
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:10444
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:17772
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15436
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:22616
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:9048
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15596
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:16548
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:7680
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:22928
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:15120
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15676
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:18928
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:11076
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:21408
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:23084
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15296
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16952
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:17420
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:17112
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15948
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:10420
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:17080
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16796
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15460
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:21540
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:17016
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:23144
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16272
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15304
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:10776
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:16928
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9684
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15748
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:21524
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:12196
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15804
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15344
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15700
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:10768
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:17428
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1840
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1192
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15932
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16944
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15008
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15336
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:10060
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:17056
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:12964
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15144
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:23232
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:16376
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15404
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:10744
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:16968
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:12268
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:17008
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:8652
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:15556
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  PID:1700
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:23224
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15088
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:23112
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15328
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15772
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:10412
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:17468
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  PID:3128
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:9540
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15940
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:23208
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:12808
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  PID:4484
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:8104
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:15484
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  PID:6808
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:15632
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  PID:10340
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  PID:17764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\italian handjob sperm lesbian hole upskirt .avi.exe

Filesize
1.6MB

MD5
881bb07c1bbe8cd7902aa9ab6f8c8999

SHA1
9a7695b3677a28d7ba311efc345e780e0570d5e9

SHA256
ac39ce53e3e8cff08229d54714581b379f067ca0996ff6ca813cf9275de5cf51

SHA512
5128d683aee982ebbaee6a476ce3109c92a5a1a391c2c75a0e4c25c5f2a3b46b64bc11d24e4d7cb19835fddb22b22c80bdedd37e0b7aaa23614292431aa00add

Download Submit
C:\debug.txt

Filesize
183B

MD5
c25e8750ed6d1d394e8afbffbee5b83c

SHA1
85f4629c4df766b1a77292a5e4a9178725f823a4

SHA256
d038b53a832c5d1e5966b4f35009297517885b4862d240ca1e1c2fe799847bbd

SHA512
3211f1364d2f0f075c2ebb964bb66b80ceea86674d9ef33b16b33e7e7934caadc577ec063a5d807c8982c0c7df17917376d74dd4b28822768004a2b1ce060f0a

Download Submit