178e381b3ba0272af35bff751869860285db8791ebf918d0df375d9897e67eff

Analysis

max time kernel
21s
max time network
98s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac27dc7b2f18d58d2973ee2f498af390N.exe
Size

724KB
MD5

ac27dc7b2f18d58d2973ee2f498af390
SHA1

50a780ba391b1a48a9b449dca785bc194a51e167
SHA256

178e381b3ba0272af35bff751869860285db8791ebf918d0df375d9897e67eff
SHA512

abd0f2e47a5c7f50c43fc74125b217afc63cba9d771f13ad200b1342bace1a643fc02e714bf0ec5e6739fbd573de20f381a0776998621c81abe920b377a7f363
SSDEEP

12288:lXa8s4Jw5/da6vtI2Ra3E328f2g5ggRWEdjtmQa6pz9gnh7n/h/B0n:lq8DJw5A6ve2Ra0d1JdRShb/hmn

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	ac27dc7b2f18d58d2973ee2f498af390N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\J:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\N:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\S:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\U:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\B:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\E:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\G:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\Y:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\Z:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\M:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\O:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\P:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\T:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\A:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\K:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\L:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\W:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\X:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\Q:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\R:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\V:	ac27dc7b2f18d58d2973ee2f498af390N.exe
File opened (read-only)	\??\H:	ac27dc7b2f18d58d2973ee2f498af390N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\norwegian handjob hot (!) stockings .zip.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\french blowjob nude lesbian .rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\SysWOW64\FxsTmp\danish sperm cumshot lesbian (Britney,Anniston).avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\SysWOW64\IME\shared\hardcore [free] high heels .rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\System32\DriverStore\Temp\black nude horse voyeur .mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\SysWOW64\FxsTmp\italian action several models ash ejaculation (Kathrin,Kathrin).mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\SysWOW64\IME\shared\french beastiality gang bang hidden granny (Christine).mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\italian handjob beastiality sleeping wifey .mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\norwegian action horse [bangbus] penetration .mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\spanish beastiality several models hole .avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\fetish gay hidden 40+ .mpeg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\spanish fetish uncut black hairunshaved .mpeg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\tyrkish xxx masturbation ejaculation .mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\blowjob handjob voyeur granny .avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\asian cumshot sperm [bangbus] cock hairy .mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Program Files (x86)\Google\Update\Download\fucking sperm uncut leather .avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\beastiality cumshot masturbation mistress (Gina).avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\black kicking uncut titts blondie .avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\norwegian horse fetish voyeur high heels .zip.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Program Files (x86)\Google\Temp\african action catfight cock balls .rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\beastiality kicking voyeur (Jade).avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\porn nude girls 50+ .avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\beastiality [bangbus] .avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Program Files\DVD Maker\Shared\malaysia lingerie trambling licking (Curtney).mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Program Files\Windows Journal\Templates\lingerie sleeping latex .rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\gay bukkake girls balls (Sonja).mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\assembly\temp\malaysia animal action full movie penetration .mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\canadian lingerie public 40+ (Sarah,Sonja).mpeg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\german gang bang [free] (Jade).mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\handjob horse [milf] boobs gorgeoushorny .rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\danish gang bang sperm girls .rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\cum uncut glans .avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\chinese action sperm masturbation ìï .mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\malaysia horse catfight legs pregnant .mpeg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\british horse gay [free] .zip.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\beast gay lesbian .rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\british xxx catfight latex .mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\russian gay gang bang public (Sonja).mpeg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\tyrkish xxx big upskirt .avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\fetish porn big titts .mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american lingerie girls boobs boots .avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\french sperm licking 40+ .rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\security\templates\spanish blowjob blowjob catfight .avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\swedish beast hot (!) feet .avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\swedish cumshot beastiality big hotel .rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\horse [bangbus] 40+ (Sarah).mpeg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\danish action gay uncut girly .mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\xxx several models stockings .zip.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\mssrv.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\swedish sperm catfight young .rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cum masturbation (Sonja,Sonja).mpeg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\horse public .mpeg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\horse several models .rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\indian lingerie masturbation mistress (Christine).rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\brasilian bukkake hot (!) (Gina).mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\brasilian beastiality public (Samantha).avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\fucking voyeur .mpeg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\Downloaded Program Files\chinese bukkake masturbation sm .rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\russian xxx several models vagina .avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\nude girls feet .mpeg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\german xxx cumshot uncut mature (Christine).mpeg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\italian beast lesbian shoes (Sandy).avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\chinese beastiality trambling several models .rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\cum beast hot (!) (Ashley,Sonja).avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\canadian beast sleeping .mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\danish hardcore [free] femdom .mpeg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\british fucking [free] nipples ejaculation .avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\handjob horse [free] legs upskirt .zip.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\spanish animal masturbation legs .avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\british xxx trambling licking .mpeg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\danish kicking big boobs boots .rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\canadian beast kicking full movie YEâPSè& .zip.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\black beastiality fetish public shoes (Kathrin,Tatjana).mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\bukkake [free] legs .zip.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\beastiality fetish public feet .zip.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\bukkake hardcore big mature .mpeg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\canadian beastiality hot (!) .mpeg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie nude hidden .mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\cumshot beast girls cock YEâPSè& (Curtney,Jenna).avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\fucking hardcore voyeur legs shower (Janette).avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\trambling gang bang catfight redhair (Britney).avi.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\sperm several models swallow (Jade,Sarah).mpeg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\british horse girls nipples bondage .mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\PLA\Templates\fetish nude licking legs (Samantha).zip.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\spanish cumshot animal full movie balls (Kathrin,Sonja).rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\blowjob [milf] hole mistress (Sarah).mpg.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\chinese sperm girls redhair (Samantha).rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\cum catfight ash girly .rar.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\lesbian trambling public ash boots (Ashley).zip.exe	ac27dc7b2f18d58d2973ee2f498af390N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1940	ac27dc7b2f18d58d2973ee2f498af390N.exe
2652	ac27dc7b2f18d58d2973ee2f498af390N.exe
1940	ac27dc7b2f18d58d2973ee2f498af390N.exe
2392	ac27dc7b2f18d58d2973ee2f498af390N.exe
2084	ac27dc7b2f18d58d2973ee2f498af390N.exe
2652	ac27dc7b2f18d58d2973ee2f498af390N.exe
1940	ac27dc7b2f18d58d2973ee2f498af390N.exe
2996	ac27dc7b2f18d58d2973ee2f498af390N.exe
2392	ac27dc7b2f18d58d2973ee2f498af390N.exe
2860	ac27dc7b2f18d58d2973ee2f498af390N.exe
2924	ac27dc7b2f18d58d2973ee2f498af390N.exe
2916	ac27dc7b2f18d58d2973ee2f498af390N.exe
2652	ac27dc7b2f18d58d2973ee2f498af390N.exe
2084	ac27dc7b2f18d58d2973ee2f498af390N.exe
1940	ac27dc7b2f18d58d2973ee2f498af390N.exe
668	ac27dc7b2f18d58d2973ee2f498af390N.exe
564	ac27dc7b2f18d58d2973ee2f498af390N.exe
2996	ac27dc7b2f18d58d2973ee2f498af390N.exe
2332	ac27dc7b2f18d58d2973ee2f498af390N.exe
2040	ac27dc7b2f18d58d2973ee2f498af390N.exe
2392	ac27dc7b2f18d58d2973ee2f498af390N.exe
1328	ac27dc7b2f18d58d2973ee2f498af390N.exe
960	ac27dc7b2f18d58d2973ee2f498af390N.exe
2860	ac27dc7b2f18d58d2973ee2f498af390N.exe
1904	ac27dc7b2f18d58d2973ee2f498af390N.exe
2916	ac27dc7b2f18d58d2973ee2f498af390N.exe
2924	ac27dc7b2f18d58d2973ee2f498af390N.exe
2244	ac27dc7b2f18d58d2973ee2f498af390N.exe
2652	ac27dc7b2f18d58d2973ee2f498af390N.exe
2084	ac27dc7b2f18d58d2973ee2f498af390N.exe
1940	ac27dc7b2f18d58d2973ee2f498af390N.exe
2964	ac27dc7b2f18d58d2973ee2f498af390N.exe
1120	ac27dc7b2f18d58d2973ee2f498af390N.exe
444	ac27dc7b2f18d58d2973ee2f498af390N.exe
668	ac27dc7b2f18d58d2973ee2f498af390N.exe
2156	ac27dc7b2f18d58d2973ee2f498af390N.exe
1320	ac27dc7b2f18d58d2973ee2f498af390N.exe
564	ac27dc7b2f18d58d2973ee2f498af390N.exe
1504	ac27dc7b2f18d58d2973ee2f498af390N.exe
2996	ac27dc7b2f18d58d2973ee2f498af390N.exe
2996	ac27dc7b2f18d58d2973ee2f498af390N.exe
2916	ac27dc7b2f18d58d2973ee2f498af390N.exe
2916	ac27dc7b2f18d58d2973ee2f498af390N.exe
2332	ac27dc7b2f18d58d2973ee2f498af390N.exe
2332	ac27dc7b2f18d58d2973ee2f498af390N.exe
2076	ac27dc7b2f18d58d2973ee2f498af390N.exe
2076	ac27dc7b2f18d58d2973ee2f498af390N.exe
1764	ac27dc7b2f18d58d2973ee2f498af390N.exe
1764	ac27dc7b2f18d58d2973ee2f498af390N.exe
2392	ac27dc7b2f18d58d2973ee2f498af390N.exe
2392	ac27dc7b2f18d58d2973ee2f498af390N.exe
1512	ac27dc7b2f18d58d2973ee2f498af390N.exe
1512	ac27dc7b2f18d58d2973ee2f498af390N.exe
1524	ac27dc7b2f18d58d2973ee2f498af390N.exe
1524	ac27dc7b2f18d58d2973ee2f498af390N.exe
2040	ac27dc7b2f18d58d2973ee2f498af390N.exe
2860	ac27dc7b2f18d58d2973ee2f498af390N.exe
2860	ac27dc7b2f18d58d2973ee2f498af390N.exe
2040	ac27dc7b2f18d58d2973ee2f498af390N.exe
1520	ac27dc7b2f18d58d2973ee2f498af390N.exe
1520	ac27dc7b2f18d58d2973ee2f498af390N.exe
800	ac27dc7b2f18d58d2973ee2f498af390N.exe
800	ac27dc7b2f18d58d2973ee2f498af390N.exe
2924	ac27dc7b2f18d58d2973ee2f498af390N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 2652	1940	ac27dc7b2f18d58d2973ee2f498af390N.exe	30
PID 1940 wrote to memory of 2652	1940	ac27dc7b2f18d58d2973ee2f498af390N.exe	30
PID 1940 wrote to memory of 2652	1940	ac27dc7b2f18d58d2973ee2f498af390N.exe	30
PID 1940 wrote to memory of 2652	1940	ac27dc7b2f18d58d2973ee2f498af390N.exe	30
PID 2652 wrote to memory of 2392	2652	ac27dc7b2f18d58d2973ee2f498af390N.exe	31
PID 2652 wrote to memory of 2392	2652	ac27dc7b2f18d58d2973ee2f498af390N.exe	31
PID 2652 wrote to memory of 2392	2652	ac27dc7b2f18d58d2973ee2f498af390N.exe	31
PID 2652 wrote to memory of 2392	2652	ac27dc7b2f18d58d2973ee2f498af390N.exe	31
PID 1940 wrote to memory of 2084	1940	ac27dc7b2f18d58d2973ee2f498af390N.exe	32
PID 1940 wrote to memory of 2084	1940	ac27dc7b2f18d58d2973ee2f498af390N.exe	32
PID 1940 wrote to memory of 2084	1940	ac27dc7b2f18d58d2973ee2f498af390N.exe	32
PID 1940 wrote to memory of 2084	1940	ac27dc7b2f18d58d2973ee2f498af390N.exe	32
PID 2392 wrote to memory of 2996	2392	ac27dc7b2f18d58d2973ee2f498af390N.exe	33
PID 2392 wrote to memory of 2996	2392	ac27dc7b2f18d58d2973ee2f498af390N.exe	33
PID 2392 wrote to memory of 2996	2392	ac27dc7b2f18d58d2973ee2f498af390N.exe	33
PID 2392 wrote to memory of 2996	2392	ac27dc7b2f18d58d2973ee2f498af390N.exe	33
PID 2652 wrote to memory of 2860	2652	ac27dc7b2f18d58d2973ee2f498af390N.exe	34
PID 2652 wrote to memory of 2860	2652	ac27dc7b2f18d58d2973ee2f498af390N.exe	34
PID 2652 wrote to memory of 2860	2652	ac27dc7b2f18d58d2973ee2f498af390N.exe	34
PID 2652 wrote to memory of 2860	2652	ac27dc7b2f18d58d2973ee2f498af390N.exe	34
PID 2084 wrote to memory of 2916	2084	ac27dc7b2f18d58d2973ee2f498af390N.exe	35
PID 2084 wrote to memory of 2916	2084	ac27dc7b2f18d58d2973ee2f498af390N.exe	35
PID 2084 wrote to memory of 2916	2084	ac27dc7b2f18d58d2973ee2f498af390N.exe	35
PID 2084 wrote to memory of 2916	2084	ac27dc7b2f18d58d2973ee2f498af390N.exe	35
PID 1940 wrote to memory of 2924	1940	ac27dc7b2f18d58d2973ee2f498af390N.exe	36
PID 1940 wrote to memory of 2924	1940	ac27dc7b2f18d58d2973ee2f498af390N.exe	36
PID 1940 wrote to memory of 2924	1940	ac27dc7b2f18d58d2973ee2f498af390N.exe	36
PID 1940 wrote to memory of 2924	1940	ac27dc7b2f18d58d2973ee2f498af390N.exe	36
PID 2996 wrote to memory of 668	2996	ac27dc7b2f18d58d2973ee2f498af390N.exe	37
PID 2996 wrote to memory of 668	2996	ac27dc7b2f18d58d2973ee2f498af390N.exe	37
PID 2996 wrote to memory of 668	2996	ac27dc7b2f18d58d2973ee2f498af390N.exe	37
PID 2996 wrote to memory of 668	2996	ac27dc7b2f18d58d2973ee2f498af390N.exe	37
PID 2392 wrote to memory of 564	2392	ac27dc7b2f18d58d2973ee2f498af390N.exe	38
PID 2392 wrote to memory of 564	2392	ac27dc7b2f18d58d2973ee2f498af390N.exe	38
PID 2392 wrote to memory of 564	2392	ac27dc7b2f18d58d2973ee2f498af390N.exe	38
PID 2392 wrote to memory of 564	2392	ac27dc7b2f18d58d2973ee2f498af390N.exe	38
PID 2860 wrote to memory of 2332	2860	ac27dc7b2f18d58d2973ee2f498af390N.exe	39
PID 2860 wrote to memory of 2332	2860	ac27dc7b2f18d58d2973ee2f498af390N.exe	39
PID 2860 wrote to memory of 2332	2860	ac27dc7b2f18d58d2973ee2f498af390N.exe	39
PID 2860 wrote to memory of 2332	2860	ac27dc7b2f18d58d2973ee2f498af390N.exe	39
PID 2916 wrote to memory of 1328	2916	ac27dc7b2f18d58d2973ee2f498af390N.exe	41
PID 2916 wrote to memory of 1328	2916	ac27dc7b2f18d58d2973ee2f498af390N.exe	41
PID 2916 wrote to memory of 1328	2916	ac27dc7b2f18d58d2973ee2f498af390N.exe	41
PID 2916 wrote to memory of 1328	2916	ac27dc7b2f18d58d2973ee2f498af390N.exe	41
PID 2924 wrote to memory of 2040	2924	ac27dc7b2f18d58d2973ee2f498af390N.exe	42
PID 2924 wrote to memory of 2040	2924	ac27dc7b2f18d58d2973ee2f498af390N.exe	42
PID 2924 wrote to memory of 2040	2924	ac27dc7b2f18d58d2973ee2f498af390N.exe	42
PID 2924 wrote to memory of 2040	2924	ac27dc7b2f18d58d2973ee2f498af390N.exe	42
PID 2652 wrote to memory of 1904	2652	ac27dc7b2f18d58d2973ee2f498af390N.exe	40
PID 2652 wrote to memory of 1904	2652	ac27dc7b2f18d58d2973ee2f498af390N.exe	40
PID 2652 wrote to memory of 1904	2652	ac27dc7b2f18d58d2973ee2f498af390N.exe	40
PID 2652 wrote to memory of 1904	2652	ac27dc7b2f18d58d2973ee2f498af390N.exe	40
PID 2084 wrote to memory of 960	2084	ac27dc7b2f18d58d2973ee2f498af390N.exe	43
PID 2084 wrote to memory of 960	2084	ac27dc7b2f18d58d2973ee2f498af390N.exe	43
PID 2084 wrote to memory of 960	2084	ac27dc7b2f18d58d2973ee2f498af390N.exe	43
PID 2084 wrote to memory of 960	2084	ac27dc7b2f18d58d2973ee2f498af390N.exe	43
PID 1940 wrote to memory of 2244	1940	ac27dc7b2f18d58d2973ee2f498af390N.exe	44
PID 1940 wrote to memory of 2244	1940	ac27dc7b2f18d58d2973ee2f498af390N.exe	44
PID 1940 wrote to memory of 2244	1940	ac27dc7b2f18d58d2973ee2f498af390N.exe	44
PID 1940 wrote to memory of 2244	1940	ac27dc7b2f18d58d2973ee2f498af390N.exe	44
PID 668 wrote to memory of 2964	668	ac27dc7b2f18d58d2973ee2f498af390N.exe	45
PID 668 wrote to memory of 2964	668	ac27dc7b2f18d58d2973ee2f498af390N.exe	45
PID 668 wrote to memory of 2964	668	ac27dc7b2f18d58d2973ee2f498af390N.exe	45
PID 668 wrote to memory of 2964	668	ac27dc7b2f18d58d2973ee2f498af390N.exe	45

C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
"C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
  "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        10⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        10⤵
        
        PID:22504
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:16984
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:22972
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:21592
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:20304
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:24076
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:21640
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:25388
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:21688
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:22812
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:16560
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:22224
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:24536
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:22496
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:24780
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:25580
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:20720
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:18860
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:16572
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:24820
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:15388
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:22232
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:24836
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:22512
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:21984
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:22208
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:25572
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:18884
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:22488
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:15272
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:25372
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:22464
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:21956
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:24484
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:20296
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:22396
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:22588
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:22596
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:17000
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:17212
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:22536
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:15304
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:15940
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:11032
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:20712
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:24544
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:25548
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:15548
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:24528
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:12800
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:25304
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:24368
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:24812
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:15688
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:18748
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:24712
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:24512
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:15840
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:18912
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:21600
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:24500
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:14324
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:14008
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:24764
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:18852
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:21200
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:15056
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:25364
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:22604
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:17020
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:24748
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:15648
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:15312
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:11072
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:21608
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:21648
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:21584
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:15296
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:11184
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:21576
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:25380
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:14948
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:25596
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:18900
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:21656
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:25332
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:19728
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:25288
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:22388
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:12896
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:22192
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:852
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:20144
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:11200
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:22520
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:9468
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:16488
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:18088
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:22412
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:15612
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:25588
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:17440
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:23252
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:16992
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:21680
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:15672
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:17976
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:10540
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:15328
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:800
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:15680
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:12780
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:19500
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:22996
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:19088
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:11156
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:21780
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:14868
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:9876
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:18768
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:11660
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:24384
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:12816
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:6120
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:9664
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:15380
- C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
  "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2084
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        9⤵
        
        PID:24772
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:25256
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:17540
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:21624
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:22988
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:17476
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:21976
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:21616
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:15344
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:18892
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:20312
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:21672
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:12856
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:24788
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:25508
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:21996
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:24404
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:19100
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:11132
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:20848
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:22216
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:11244
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:22472
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:15500
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:9944
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:20276
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:10436
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:22240
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:12912
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:24692
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:960
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:20836
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:24092
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:8476
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:25272
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:17432
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:11104
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:20732
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:928
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:12336
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:12864
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:9884
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:18200
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:20324
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:24376
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:12172
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:24476
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:9424
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:17504
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:8752
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:17956
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:22980
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:25280
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:14900
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:25264
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:14016
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:10112
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:21924
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:25312
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:12888
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:24740
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:9976
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:22200
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:24804
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:11880
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:22612
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:12164
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:24084
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:9460
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:16976
- C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
  "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2924
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        8⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:24396
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        7⤵
        
        PID:24520
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:15932
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:924
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:11696
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:24492
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:18112
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:24100
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:21940
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:24860
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:17188
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:15476
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:25356
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:17404
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:9936
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:19236
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:14876
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:10668
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:15352
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:9904
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:22248
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:24756
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:25296
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:7520
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:9984
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:18868
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:19492
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:18920
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:11836
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:24328
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:9436
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:17156
- C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
  "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2244
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:18296
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        6⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:24700
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:15632
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:22480
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:11124
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:21664
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:19080
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:11048
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:21948
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:12880
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:25324
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:6664
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:17512
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:10384
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:5700
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:18784
- C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
  "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
  2⤵
  PID:2496
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:9388
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:17736
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
        5⤵
        
        PID:17448
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:22264
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:14852
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:18776
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:11112
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:21632
- C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
  "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
  2⤵
  PID:3036
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:8100
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:14940
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:6828
  - - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
      "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
      4⤵
      PID:18740
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:10096
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:19540
- C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
  "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
  2⤵
  PID:4452
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:8092
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:14956
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:25564
- C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
  "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
  2⤵
  PID:6544
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:10704
- - C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
    "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
    3⤵
    PID:15320
- C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
  "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
  2⤵
  PID:9912
- C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe
  "C:\Users\Admin\AppData\Local\Temp\ac27dc7b2f18d58d2973ee2f498af390N.exe"
  2⤵
  PID:18876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\beastiality kicking voyeur (Jade).avi.exe

Filesize
2.0MB

MD5
c328d79684605000bd785a4ec944716b

SHA1
d237b251ce332aa639d48457b6b0a74c32e0b72a

SHA256
f9c48a16b963822a8f28526a7a18c12c017409a45e1991b1fa42aae3d5f7e19f

SHA512
de478e42a32d88845500d8d91d802ec648d87b7ac11e0a379b331edeeaff6a0c30e8527887ab30285fb33340c8716543e7422a5274a182ab3762ab8e9ddf06ab

Download Submit
C:\debug.txt

Filesize
183B

MD5
adbb9c6ce48125671d38ca35e28e4e3a

SHA1
8daa50963803917db77b9d929b6274095f5922ba

SHA256
8d84dae297890ebfb07142442af2cc64a9d4266be3a50d509dd0f23a3df7f297

SHA512
e3ec23e53fc95d8441ddcbf69e22088114bc25e657fe7deec504e1974902621982c7545c8316f0b9fa22cf8f9715a25171f7872d2dd2548a3ec1fff74b1795e0

Download Submit
memory/444-146-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/564-125-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/564-105-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/668-104-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/668-121-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/800-135-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/800-162-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/884-136-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/884-163-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/960-137-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1120-145-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1120-119-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1320-152-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1320-124-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1328-108-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1328-133-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1504-128-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1504-155-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1512-180-0x00000000044E0000-0x00000000044FC000-memory.dmp

Filesize
112KB

Download
memory/1512-156-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1512-129-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1520-134-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1520-161-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1524-132-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1524-160-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1676-140-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1676-165-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1728-139-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1764-154-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1764-127-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1800-143-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1800-167-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1904-113-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1904-142-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1940-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1940-117-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1940-109-0x0000000004D30000-0x0000000004D4C000-memory.dmp

Filesize
112KB

Download
memory/1940-103-0x0000000004D20000-0x0000000004D3C000-memory.dmp

Filesize
112KB

Download
memory/1940-102-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1940-181-0x0000000004D40000-0x0000000004D5C000-memory.dmp

Filesize
112KB

Download
memory/1940-317-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1940-497-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1940-69-0x0000000004D20000-0x0000000004D3C000-memory.dmp

Filesize
112KB

Download
memory/2040-107-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2040-131-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2076-126-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2076-153-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2084-98-0x0000000004BA0000-0x0000000004BBC000-memory.dmp

Filesize
112KB

Download
memory/2084-93-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2084-179-0x0000000004BB0000-0x0000000004BCC000-memory.dmp

Filesize
112KB

Download
memory/2084-110-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2156-122-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2156-151-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2212-182-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2244-116-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2260-166-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2260-177-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2264-176-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2316-173-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2332-147-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/2332-120-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/2332-130-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2332-174-0x0000000004AF0000-0x0000000004B0C000-memory.dmp

Filesize
112KB

Download
memory/2360-157-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2392-92-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2392-123-0x0000000004AA0000-0x0000000004ABC000-memory.dmp

Filesize
112KB

Download
memory/2392-111-0x0000000004AA0000-0x0000000004ABC000-memory.dmp

Filesize
112KB

Download
memory/2392-94-0x0000000004AA0000-0x0000000004ABC000-memory.dmp

Filesize
112KB

Download
memory/2496-138-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2600-170-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2600-158-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2652-91-0x0000000004A90000-0x0000000004AAC000-memory.dmp

Filesize
112KB

Download
memory/2652-96-0x0000000005020000-0x000000000503C000-memory.dmp

Filesize
112KB

Download
memory/2652-70-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2652-114-0x0000000005020000-0x000000000503C000-memory.dmp

Filesize
112KB

Download
memory/2652-106-0x0000000004A90000-0x0000000004AAC000-memory.dmp

Filesize
112KB

Download
memory/2684-175-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2692-184-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2700-186-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2720-159-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2720-171-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2764-183-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2792-148-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2796-149-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2796-168-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2860-115-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2860-97-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2888-150-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2888-169-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2916-164-0x0000000002010000-0x000000000202C000-memory.dmp

Filesize
112KB

Download
memory/2916-99-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2924-172-0x0000000005050000-0x000000000506C000-memory.dmp

Filesize
112KB

Download
memory/2924-100-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2964-118-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2964-144-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2968-178-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2996-95-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2996-112-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3036-185-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download