368059a6068cbe69a4f502ff3d44a23fa58505f57be88abbbeafba926ef7213a

Analysis

max time kernel
18s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

395c14c4a3c34f59b3b49a296853a830N.exe
Size

513KB
MD5

395c14c4a3c34f59b3b49a296853a830
SHA1

6d734127ed3893ac767a2ca1210c27375afe1d96
SHA256

368059a6068cbe69a4f502ff3d44a23fa58505f57be88abbbeafba926ef7213a
SHA512

8708001e594dafbaf9b115b0c90b50e704b6cd16a0684f308b88ce06fa87ac82d446428d5a4f0fef8aacbf6a3de2f931d85dd854af1a6d2a6777e6a0132a40df
SSDEEP

12288:A8EQoSMd4UP5skfQ1sdaim+XequLg1wbM2jT9/kJ0hQ:A8SdKj1swZ+X6hM2V/hhQ

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1736-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/files/0x0006000000018679-5.dat	upx
behavioral1/memory/2976-75-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2692-90-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2244-92-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/612-94-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2864-95-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2084-96-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1968-98-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1736-97-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1144-101-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1376-104-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1616-110-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/612-112-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2832-113-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2248-117-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2084-116-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2864-115-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2244-109-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2896-107-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2692-106-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2604-114-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2976-103-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1520-120-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1968-119-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1736-118-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1900-123-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1144-122-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1376-124-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2896-125-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1616-129-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2904-132-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/764-134-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2604-133-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2320-137-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2180-136-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/556-135-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1496-131-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/624-130-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2168-128-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1776-126-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2312-140-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2248-139-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1520-141-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1900-143-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/988-144-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/624-147-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2168-146-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1496-148-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/556-150-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/764-149-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2100-157-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1140-156-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2436-155-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2192-154-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2968-153-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2320-152-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2180-151-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2312-158-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2232-159-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2256-160-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2700-161-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2996-164-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2816-165-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	395c14c4a3c34f59b3b49a296853a830N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\J:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\K:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\S:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\T:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\U:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\A:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\G:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\V:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\R:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\X:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\Y:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\O:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\Q:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\W:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\Z:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\B:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\N:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\L:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\M:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\P:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\E:	395c14c4a3c34f59b3b49a296853a830N.exe
File opened (read-only)	\??\H:	395c14c4a3c34f59b3b49a296853a830N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\tyrkish fetish bukkake sleeping (Sarah).rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish gang bang lesbian lesbian .mpeg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\SysWOW64\FxsTmp\kicking fucking uncut ejaculation .rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\SysWOW64\IME\shared\hardcore public feet leather (Sarah).mpeg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\american nude beast [milf] blondie .mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian gang bang horse full movie balls (Gina,Tatjana).avi.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\SysWOW64\IME\shared\fucking several models castration .rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian fetish lingerie masturbation glans (Anniston,Jade).rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\System32\DriverStore\Temp\indian cum horse sleeping titts shower .rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian fetish lingerie sleeping glans shower .zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\sperm public glans (Jenna,Liz).rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Program Files (x86)\Google\Temp\bukkake lesbian (Samantha).mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\trambling voyeur .mpeg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Program Files\DVD Maker\Shared\american fetish bukkake masturbation 50+ (Anniston,Tatjana).mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\tyrkish fetish beast sleeping cock .mpeg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Program Files\Windows Journal\Templates\indian handjob horse uncut .mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\swedish handjob hardcore hidden traffic .avi.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\black porn sperm [free] cock bedroom .mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\sperm [milf] feet .mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Program Files (x86)\Google\Update\Download\brasilian handjob lingerie licking mistress .zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\bukkake girls glans pregnant .mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\xxx big titts mature .mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\russian beastiality blowjob [free] blondie .mpeg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\american action fucking big hole .zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\gay big titts girly (Samantha).mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SoftwareDistribution\Download\danish porn xxx lesbian boots .avi.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\norwegian bukkake [free] leather (Britney,Samantha).mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\lingerie several models feet .zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\american animal sperm big glans .zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\italian action blowjob hot (!) (Curtney).zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\gang bang xxx hidden high heels .rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\fetish hardcore catfight feet granny .rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\chinese sperm hidden titts bondage .mpeg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\british sperm hot (!) (Jade).rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\canadian lesbian licking hole (Ashley,Curtney).zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\hardcore lesbian .mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\gay hot (!) ash .zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\german beast [free] beautyfull .mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\fucking public glans leather .mpeg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\horse xxx girls .rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\american cumshot xxx big cock beautyfull (Tatjana).zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lingerie several models 40+ .mpeg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\gang bang bukkake uncut hole .avi.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\tyrkish cumshot blowjob hidden young .zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\american fetish lingerie hidden bondage .zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\swedish animal gay lesbian hole femdom .mpeg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\Downloaded Program Files\brasilian cumshot beast [milf] .rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\canadian lingerie licking .zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\horse big penetration .mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\cumshot gay hidden .mpeg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\british beast catfight .rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\swedish gang bang beast hidden beautyfull .zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\italian kicking horse catfight redhair .zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\beast masturbation hole .mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\norwegian hardcore voyeur (Sarah).rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\gay several models .mpeg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\InstallTemp\spanish lesbian [bangbus] hole balls .rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\american cumshot trambling licking glans 50+ .zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\hardcore lesbian (Melissa).zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\black horse hardcore big glans .mpeg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\beast sleeping glans .mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\norwegian gay masturbation glans upskirt .avi.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\russian porn sperm [bangbus] cock leather .avi.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\french blowjob sleeping boots (Ashley,Liz).rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\french fucking hot (!) titts .mpeg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\tyrkish kicking lingerie big shoes .avi.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\kicking bukkake public titts circumcision (Melissa).mpeg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\spanish lingerie big cock YEâPSè& .rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\italian animal lingerie [milf] penetration .mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\fucking catfight .avi.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\japanese cum lesbian catfight (Tatjana).rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\gay hidden glans leather .mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\black porn hardcore [bangbus] glans circumcision (Jade).rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\indian animal bukkake big titts wifey .mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\Temp\american kicking hardcore [milf] swallow .zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\security\templates\porn xxx masturbation lady .mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\italian action gay girls fishy .mpeg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\african fucking several models gorgeoushorny .avi.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\action hardcore big feet .zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish nude lingerie uncut (Tatjana).zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\action beast big balls .rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\russian action trambling [bangbus] feet (Anniston,Samantha).mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\canadian trambling hot (!) cock (Sandy,Curtney).zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\brasilian horse lingerie girls (Liz).zip.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\brasilian gang bang trambling [free] (Samantha).rar.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\african lingerie masturbation cock .mpeg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\lingerie several models hole femdom .mpg.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\gang bang horse hot (!) boots (Jenna,Melissa).avi.exe	395c14c4a3c34f59b3b49a296853a830N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\horse public (Liz).avi.exe	395c14c4a3c34f59b3b49a296853a830N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1736	395c14c4a3c34f59b3b49a296853a830N.exe
2976	395c14c4a3c34f59b3b49a296853a830N.exe
1736	395c14c4a3c34f59b3b49a296853a830N.exe
2692	395c14c4a3c34f59b3b49a296853a830N.exe
2244	395c14c4a3c34f59b3b49a296853a830N.exe
2976	395c14c4a3c34f59b3b49a296853a830N.exe
1736	395c14c4a3c34f59b3b49a296853a830N.exe
612	395c14c4a3c34f59b3b49a296853a830N.exe
2864	395c14c4a3c34f59b3b49a296853a830N.exe
2084	395c14c4a3c34f59b3b49a296853a830N.exe
2692	395c14c4a3c34f59b3b49a296853a830N.exe
1968	395c14c4a3c34f59b3b49a296853a830N.exe
2244	395c14c4a3c34f59b3b49a296853a830N.exe
2976	395c14c4a3c34f59b3b49a296853a830N.exe
1736	395c14c4a3c34f59b3b49a296853a830N.exe
1144	395c14c4a3c34f59b3b49a296853a830N.exe
1376	395c14c4a3c34f59b3b49a296853a830N.exe
2896	395c14c4a3c34f59b3b49a296853a830N.exe
612	395c14c4a3c34f59b3b49a296853a830N.exe
1616	395c14c4a3c34f59b3b49a296853a830N.exe
2904	395c14c4a3c34f59b3b49a296853a830N.exe
2692	395c14c4a3c34f59b3b49a296853a830N.exe
2864	395c14c4a3c34f59b3b49a296853a830N.exe
2832	395c14c4a3c34f59b3b49a296853a830N.exe
2604	395c14c4a3c34f59b3b49a296853a830N.exe
2084	395c14c4a3c34f59b3b49a296853a830N.exe
1968	395c14c4a3c34f59b3b49a296853a830N.exe
2248	395c14c4a3c34f59b3b49a296853a830N.exe
2976	395c14c4a3c34f59b3b49a296853a830N.exe
2244	395c14c4a3c34f59b3b49a296853a830N.exe
1736	395c14c4a3c34f59b3b49a296853a830N.exe
1520	395c14c4a3c34f59b3b49a296853a830N.exe
1900	395c14c4a3c34f59b3b49a296853a830N.exe
988	395c14c4a3c34f59b3b49a296853a830N.exe
1144	395c14c4a3c34f59b3b49a296853a830N.exe
1776	395c14c4a3c34f59b3b49a296853a830N.exe
1376	395c14c4a3c34f59b3b49a296853a830N.exe
2168	395c14c4a3c34f59b3b49a296853a830N.exe
612	395c14c4a3c34f59b3b49a296853a830N.exe
2896	395c14c4a3c34f59b3b49a296853a830N.exe
1496	395c14c4a3c34f59b3b49a296853a830N.exe
624	395c14c4a3c34f59b3b49a296853a830N.exe
2692	395c14c4a3c34f59b3b49a296853a830N.exe
2904	395c14c4a3c34f59b3b49a296853a830N.exe
2904	395c14c4a3c34f59b3b49a296853a830N.exe
2084	395c14c4a3c34f59b3b49a296853a830N.exe
2084	395c14c4a3c34f59b3b49a296853a830N.exe
556	395c14c4a3c34f59b3b49a296853a830N.exe
556	395c14c4a3c34f59b3b49a296853a830N.exe
764	395c14c4a3c34f59b3b49a296853a830N.exe
764	395c14c4a3c34f59b3b49a296853a830N.exe
2864	395c14c4a3c34f59b3b49a296853a830N.exe
2864	395c14c4a3c34f59b3b49a296853a830N.exe
2320	395c14c4a3c34f59b3b49a296853a830N.exe
2320	395c14c4a3c34f59b3b49a296853a830N.exe
2180	395c14c4a3c34f59b3b49a296853a830N.exe
2180	395c14c4a3c34f59b3b49a296853a830N.exe
2832	395c14c4a3c34f59b3b49a296853a830N.exe
2832	395c14c4a3c34f59b3b49a296853a830N.exe
1616	395c14c4a3c34f59b3b49a296853a830N.exe
1616	395c14c4a3c34f59b3b49a296853a830N.exe
1968	395c14c4a3c34f59b3b49a296853a830N.exe
1968	395c14c4a3c34f59b3b49a296853a830N.exe
2604	395c14c4a3c34f59b3b49a296853a830N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2976	1736	395c14c4a3c34f59b3b49a296853a830N.exe	31
PID 1736 wrote to memory of 2976	1736	395c14c4a3c34f59b3b49a296853a830N.exe	31
PID 1736 wrote to memory of 2976	1736	395c14c4a3c34f59b3b49a296853a830N.exe	31
PID 1736 wrote to memory of 2976	1736	395c14c4a3c34f59b3b49a296853a830N.exe	31
PID 2976 wrote to memory of 2692	2976	395c14c4a3c34f59b3b49a296853a830N.exe	32
PID 2976 wrote to memory of 2692	2976	395c14c4a3c34f59b3b49a296853a830N.exe	32
PID 2976 wrote to memory of 2692	2976	395c14c4a3c34f59b3b49a296853a830N.exe	32
PID 2976 wrote to memory of 2692	2976	395c14c4a3c34f59b3b49a296853a830N.exe	32
PID 1736 wrote to memory of 2244	1736	395c14c4a3c34f59b3b49a296853a830N.exe	33
PID 1736 wrote to memory of 2244	1736	395c14c4a3c34f59b3b49a296853a830N.exe	33
PID 1736 wrote to memory of 2244	1736	395c14c4a3c34f59b3b49a296853a830N.exe	33
PID 1736 wrote to memory of 2244	1736	395c14c4a3c34f59b3b49a296853a830N.exe	33
PID 2692 wrote to memory of 612	2692	395c14c4a3c34f59b3b49a296853a830N.exe	34
PID 2692 wrote to memory of 612	2692	395c14c4a3c34f59b3b49a296853a830N.exe	34
PID 2692 wrote to memory of 612	2692	395c14c4a3c34f59b3b49a296853a830N.exe	34
PID 2692 wrote to memory of 612	2692	395c14c4a3c34f59b3b49a296853a830N.exe	34
PID 2244 wrote to memory of 2864	2244	395c14c4a3c34f59b3b49a296853a830N.exe	35
PID 2244 wrote to memory of 2864	2244	395c14c4a3c34f59b3b49a296853a830N.exe	35
PID 2244 wrote to memory of 2864	2244	395c14c4a3c34f59b3b49a296853a830N.exe	35
PID 2244 wrote to memory of 2864	2244	395c14c4a3c34f59b3b49a296853a830N.exe	35
PID 2976 wrote to memory of 2084	2976	395c14c4a3c34f59b3b49a296853a830N.exe	36
PID 2976 wrote to memory of 2084	2976	395c14c4a3c34f59b3b49a296853a830N.exe	36
PID 2976 wrote to memory of 2084	2976	395c14c4a3c34f59b3b49a296853a830N.exe	36
PID 2976 wrote to memory of 2084	2976	395c14c4a3c34f59b3b49a296853a830N.exe	36
PID 1736 wrote to memory of 1968	1736	395c14c4a3c34f59b3b49a296853a830N.exe	37
PID 1736 wrote to memory of 1968	1736	395c14c4a3c34f59b3b49a296853a830N.exe	37
PID 1736 wrote to memory of 1968	1736	395c14c4a3c34f59b3b49a296853a830N.exe	37
PID 1736 wrote to memory of 1968	1736	395c14c4a3c34f59b3b49a296853a830N.exe	37
PID 612 wrote to memory of 1144	612	395c14c4a3c34f59b3b49a296853a830N.exe	38
PID 612 wrote to memory of 1144	612	395c14c4a3c34f59b3b49a296853a830N.exe	38
PID 612 wrote to memory of 1144	612	395c14c4a3c34f59b3b49a296853a830N.exe	38
PID 612 wrote to memory of 1144	612	395c14c4a3c34f59b3b49a296853a830N.exe	38
PID 2864 wrote to memory of 1376	2864	395c14c4a3c34f59b3b49a296853a830N.exe	39
PID 2864 wrote to memory of 1376	2864	395c14c4a3c34f59b3b49a296853a830N.exe	39
PID 2864 wrote to memory of 1376	2864	395c14c4a3c34f59b3b49a296853a830N.exe	39
PID 2864 wrote to memory of 1376	2864	395c14c4a3c34f59b3b49a296853a830N.exe	39
PID 2692 wrote to memory of 2896	2692	395c14c4a3c34f59b3b49a296853a830N.exe	40
PID 2692 wrote to memory of 2896	2692	395c14c4a3c34f59b3b49a296853a830N.exe	40
PID 2692 wrote to memory of 2896	2692	395c14c4a3c34f59b3b49a296853a830N.exe	40
PID 2692 wrote to memory of 2896	2692	395c14c4a3c34f59b3b49a296853a830N.exe	40
PID 2084 wrote to memory of 1616	2084	395c14c4a3c34f59b3b49a296853a830N.exe	41
PID 2084 wrote to memory of 1616	2084	395c14c4a3c34f59b3b49a296853a830N.exe	41
PID 2084 wrote to memory of 1616	2084	395c14c4a3c34f59b3b49a296853a830N.exe	41
PID 2084 wrote to memory of 1616	2084	395c14c4a3c34f59b3b49a296853a830N.exe	41
PID 1968 wrote to memory of 2904	1968	395c14c4a3c34f59b3b49a296853a830N.exe	42
PID 1968 wrote to memory of 2904	1968	395c14c4a3c34f59b3b49a296853a830N.exe	42
PID 1968 wrote to memory of 2904	1968	395c14c4a3c34f59b3b49a296853a830N.exe	42
PID 1968 wrote to memory of 2904	1968	395c14c4a3c34f59b3b49a296853a830N.exe	42
PID 2244 wrote to memory of 2832	2244	395c14c4a3c34f59b3b49a296853a830N.exe	43
PID 2244 wrote to memory of 2832	2244	395c14c4a3c34f59b3b49a296853a830N.exe	43
PID 2244 wrote to memory of 2832	2244	395c14c4a3c34f59b3b49a296853a830N.exe	43
PID 2244 wrote to memory of 2832	2244	395c14c4a3c34f59b3b49a296853a830N.exe	43
PID 2976 wrote to memory of 2604	2976	395c14c4a3c34f59b3b49a296853a830N.exe	44
PID 2976 wrote to memory of 2604	2976	395c14c4a3c34f59b3b49a296853a830N.exe	44
PID 2976 wrote to memory of 2604	2976	395c14c4a3c34f59b3b49a296853a830N.exe	44
PID 2976 wrote to memory of 2604	2976	395c14c4a3c34f59b3b49a296853a830N.exe	44
PID 1736 wrote to memory of 2248	1736	395c14c4a3c34f59b3b49a296853a830N.exe	45
PID 1736 wrote to memory of 2248	1736	395c14c4a3c34f59b3b49a296853a830N.exe	45
PID 1736 wrote to memory of 2248	1736	395c14c4a3c34f59b3b49a296853a830N.exe	45
PID 1736 wrote to memory of 2248	1736	395c14c4a3c34f59b3b49a296853a830N.exe	45
PID 1144 wrote to memory of 1520	1144	395c14c4a3c34f59b3b49a296853a830N.exe	46
PID 1144 wrote to memory of 1520	1144	395c14c4a3c34f59b3b49a296853a830N.exe	46
PID 1144 wrote to memory of 1520	1144	395c14c4a3c34f59b3b49a296853a830N.exe	46
PID 1144 wrote to memory of 1520	1144	395c14c4a3c34f59b3b49a296853a830N.exe	46

C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
"C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2976
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:612
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        10⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        11⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        10⤵
        
        PID:20388
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        10⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        10⤵
        
        PID:23280
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:15664
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:20764
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:17692
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:18332
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:23056
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:20680
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:23852
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:23836
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:22648
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:23900
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:14344
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15648
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:988
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:20420
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:20564
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:14624
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:18692
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:20784
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:21424
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:23072
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:18380
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:17332
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14272
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14208
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:17388
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:14392
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:17404
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:15768
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:23288
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:14248
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:18716
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14312
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:23312
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:14600
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:24240
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15256
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:23844
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:20396
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:23792
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14152
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15512
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14376
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:20492
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:9456
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:17340
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:14752
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:17580
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:20712
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:15776
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:20468
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:20532
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:15160
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:18764
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:14052
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15732
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:17380
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15176
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:20756
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:17452
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15600
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:12488
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:23100
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:24200
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14640
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:764
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:14632
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:16032
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:20544
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:20776
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14072
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:10468
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:15312
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:23812
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14464
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:20412
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:24248
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14456
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:18272
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:23828
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:20452
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14136
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:8920
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:14408
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:16416
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:18356
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:23304
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:18372
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:15680
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:20436
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:23272
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:19780
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:20612
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:23092
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14304
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:18700
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:20444
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:15264
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:9356
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:23196
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:15752
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:17424
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:12496
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:22972
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14368
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:15152
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:10244
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:20312
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:18772
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:21440
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:20672
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:14384
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:15720
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:12432
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:23328
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:15224
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:9388
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:14696
- C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2244
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:20460
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:23116
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:17708
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:18608
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:20404
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        9⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:20552
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:14472
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:18200
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:20604
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:20320
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:18892
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:24520
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:20428
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:15104
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14352
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:16064
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:16408
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:20664
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14012
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14360
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14440
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:20704
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:23820
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14552
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:18616
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:21432
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:15208
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:6456
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:14608
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:556
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:20596
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:18848
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:15192
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:18816
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:18280
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:24528
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:828
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:18600
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:18288
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:23064
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:15272
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:14328
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:9684
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:20656
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14088
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14496
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:15688
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:20720
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:17628
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14272
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:20476
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:23108
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:14488
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:15624
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:23892
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:23080
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:15248
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:9380
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:2856
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:14320
- C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1968
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        8⤵
        
        PID:20080
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:14768
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:24216
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:15784
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:15064
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14020
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:17700
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:20620
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:20728
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14536
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:20740
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:15232
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:24208
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:15144
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:23320
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:15200
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14280
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:15088
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:20688
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:15576
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:23048
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14728
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:9136
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:14064
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:7972
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:15672
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:12228
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:20748
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:15240
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:9008
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:14616
- C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        7⤵
        
        PID:24256
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:24512
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:20332
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14400
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:15372
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:10452
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:18880
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        6⤵
        
        PID:18728
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:12472
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:23264
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:15332
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:23860
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:14264
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:15712
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:12464
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:22964
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:15024
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:9504
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:23336
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:14592
- C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
  2⤵
  PID:1140
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:14256
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:15080
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:12408
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:23296
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:14688
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:15216
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:10476
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:15096
- C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
  2⤵
  PID:2216
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
        5⤵
        
        PID:15072
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:12384
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:24504
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:6640
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:15364
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:9700
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:4504
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:14424
- C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
  2⤵
  PID:4644
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
      "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
      4⤵
      PID:20520
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:14112
- C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
  2⤵
  PID:6624
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:15304
- C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
  2⤵
  PID:9624
- - C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
    "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
    3⤵
    PID:6788
- C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe
  "C:\Users\Admin\AppData\Local\Temp\395c14c4a3c34f59b3b49a296853a830N.exe"
  2⤵
  PID:17360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\sperm public glans (Jenna,Liz).rar.exe

Filesize
699KB

MD5
2cd37530909fff1da754f582209277a6

SHA1
fb6eec8c5c827f1239f1944c5c2f3123df6431e7

SHA256
08fde2c6706ef2b1c352fdf8bdcc80d96a20f633fe5cd22636b03787dc32e2a5

SHA512
01ae9aee7f2094c1052ef4a5a492b6fe9a23574668567dfd124dbfe4c306dca646ee624e73f41134a0badbb396e01aa3fc50ea02044075cc58458d490b486485

Download Submit
C:\debug.txt

Filesize
129B

MD5
f3cc4b58cf0872b2c76b713ea6543e58

SHA1
a1e81c8e2c73b4da96c813408079dcf32de8165e

SHA256
41dd77f7d16173a1e4523f5aabe7f0f705f08a7c04df7b602648dc5e4bf85635

SHA512
8c231925bc140382c658191f64eb27283a7c86792e21732def5f44282fc61fe75bf67739d6fc0f1e4bee319359db067763911562a680a7065b4c394dbc9b9f9d

Download Submit
memory/556-150-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/556-135-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/556-175-0x0000000004CD0000-0x0000000004CEC000-memory.dmp

Filesize
112KB

Download
memory/612-94-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/612-100-0x0000000001FC0000-0x0000000001FDC000-memory.dmp

Filesize
112KB

Download
memory/612-112-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/612-121-0x0000000001FC0000-0x0000000001FDC000-memory.dmp

Filesize
112KB

Download
memory/624-130-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/624-147-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/764-134-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/764-149-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/764-177-0x00000000045D0000-0x00000000045EC000-memory.dmp

Filesize
112KB

Download
memory/988-144-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1140-156-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1144-101-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1144-122-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1376-124-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1376-104-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1376-142-0x0000000001F30000-0x0000000001F4C000-memory.dmp

Filesize
112KB

Download
memory/1496-131-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1496-148-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1520-141-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1520-120-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1616-110-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1616-129-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1636-178-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1736-546-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1736-74-0x0000000005940000-0x000000000595C000-memory.dmp

Filesize
112KB

Download
memory/1736-102-0x0000000005940000-0x000000000595C000-memory.dmp

Filesize
112KB

Download
memory/1736-108-0x0000000005940000-0x000000000595C000-memory.dmp

Filesize
112KB

Download
memory/1736-401-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1736-118-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1736-97-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1736-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1736-91-0x0000000005940000-0x000000000595C000-memory.dmp

Filesize
112KB

Download
memory/1776-126-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1900-123-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1900-143-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1968-173-0x0000000004AA0000-0x0000000004ABC000-memory.dmp

Filesize
112KB

Download
memory/1968-98-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1968-166-0x0000000004AA0000-0x0000000004ABC000-memory.dmp

Filesize
112KB

Download
memory/1968-119-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2084-96-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2084-116-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2084-171-0x0000000004B20000-0x0000000004B3C000-memory.dmp

Filesize
112KB

Download
memory/2084-162-0x0000000004B20000-0x0000000004B3C000-memory.dmp

Filesize
112KB

Download
memory/2100-157-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2108-168-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2168-146-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2168-128-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2180-181-0x00000000045C0000-0x00000000045DC000-memory.dmp

Filesize
112KB

Download
memory/2180-151-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2180-136-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2192-154-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2192-184-0x0000000004F10000-0x0000000004F2C000-memory.dmp

Filesize
112KB

Download
memory/2232-159-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2244-109-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2244-174-0x0000000004F30000-0x0000000004F4C000-memory.dmp

Filesize
112KB

Download
memory/2244-92-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2248-139-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2248-117-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2256-160-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2312-140-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2312-158-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2320-179-0x0000000004A90000-0x0000000004AAC000-memory.dmp

Filesize
112KB

Download
memory/2320-152-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2320-137-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2324-176-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2436-155-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2604-133-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2604-114-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2692-106-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2692-90-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2692-145-0x0000000004E30000-0x0000000004E4C000-memory.dmp

Filesize
112KB

Download
memory/2692-93-0x00000000020C0000-0x00000000020DC000-memory.dmp

Filesize
112KB

Download
memory/2692-127-0x0000000004E30000-0x0000000004E4C000-memory.dmp

Filesize
112KB

Download
memory/2692-111-0x00000000020C0000-0x00000000020DC000-memory.dmp

Filesize
112KB

Download
memory/2700-161-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2732-169-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2816-165-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2832-113-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2832-167-0x0000000000540000-0x000000000055C000-memory.dmp

Filesize
112KB

Download
memory/2864-95-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2864-172-0x0000000005060000-0x000000000507C000-memory.dmp

Filesize
112KB

Download
memory/2864-115-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2864-163-0x0000000005060000-0x000000000507C000-memory.dmp

Filesize
112KB

Download
memory/2896-125-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2896-107-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2904-132-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2916-180-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2940-182-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2968-153-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2968-183-0x0000000005050000-0x000000000506C000-memory.dmp

Filesize
112KB

Download
memory/2976-170-0x0000000002120000-0x000000000213C000-memory.dmp

Filesize
112KB

Download
memory/2976-103-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2976-89-0x0000000002100000-0x000000000211C000-memory.dmp

Filesize
112KB

Download
memory/2976-105-0x0000000002100000-0x000000000211C000-memory.dmp

Filesize
112KB

Download
memory/2976-75-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2996-164-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download