273886e844c3d90e6ebd951c6f528070318b3d3a8a08d0b35ae428913043757c

Analysis

max time kernel
26s
max time network
71s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 01:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

349983b7e0e6c22ac0affc900bc89e10N.exe
Size

1.8MB
MD5

349983b7e0e6c22ac0affc900bc89e10
SHA1

d44284da674e6ccff8bdde6e4e1dd12f1fa81456
SHA256

273886e844c3d90e6ebd951c6f528070318b3d3a8a08d0b35ae428913043757c
SHA512

dd7c2d39aa3101e4dfaa5fc1b0f29194df805d66859edb23a8eac284c47c1d3f8950590024aac9a678c3fbaf2ae90ee4fe6f4e04b00aa41bab80013a5664d3c7
SSDEEP

49152:V73lKQMrBHj6sGeagCrKqX+bflZapl4sgFnP7YEM+Uc:u1HjXGejCOli0sQ4c

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	349983b7e0e6c22ac0affc900bc89e10N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\M:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\O:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\P:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\R:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\W:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\Z:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\A:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\K:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\L:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\Q:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\S:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\J:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\I:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\N:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\U:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\X:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\Y:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\H:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\G:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\T:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\V:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\B:	349983b7e0e6c22ac0affc900bc89e10N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\italian cumshot xxx several models hole leather .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse uncut sm .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SysWOW64\IME\shared\hardcore masturbation .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\trambling several models ejaculation .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SysWOW64\IME\shared\black action fucking [bangbus] .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black fetish beast masturbation redhair .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SysWOW64\FxsTmp\hardcore several models shoes (Christine,Curtney).avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian horse fucking hidden feet .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\System32\DriverStore\Temp\lesbian sleeping hole mature .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SysWOW64\FxsTmp\african sperm voyeur .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\fucking voyeur cock mistress .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\brasilian porn lesbian lesbian glans .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\lesbian licking hole .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Google\Temp\brasilian cum gay [bangbus] glans latex .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Google\Update\Download\gay several models .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\russian porn trambling several models cock circumcision .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lingerie hot (!) cock ejaculation .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files\Windows Journal\Templates\american handjob sperm masturbation latex .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\italian action sperm girls feet young .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\black horse xxx several models swallow .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files\DVD Maker\Shared\xxx masturbation shoes .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian fetish fucking [free] cock (Kathrin,Sylvia).avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\japanese nude fucking [milf] .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\russian horse horse licking feet .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\xxx [bangbus] young .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse masturbation feet .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\xxx public granny .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\trambling big redhair .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\swedish nude horse sleeping (Tatjana).mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\italian cumshot fucking several models (Janette).zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SoftwareDistribution\Download\indian fetish xxx lesbian titts gorgeoushorny .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\porn xxx several models .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\norwegian xxx full movie ejaculation .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\swedish cum bukkake sleeping balls .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\american action lesbian big .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\security\templates\indian cum horse lesbian sm .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\tyrkish fetish horse licking titts penetration .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\swedish horse beast masturbation hole young .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\horse several models .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\beastiality horse lesbian (Sylvia).avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\malaysia gay hot (!) (Liz).avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\british trambling uncut sweet .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\horse sleeping cock penetration .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\indian cumshot hardcore lesbian hole .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\canadian lingerie catfight hole sweet .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\russian handjob sperm hot (!) (Liz).avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\russian gang bang trambling hidden bondage .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\spanish trambling licking cock .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\gang bang lingerie uncut 40+ .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\sperm several models (Janette).mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\american beastiality lesbian lesbian young (Kathrin,Janette).mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\trambling catfight hole upskirt .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\japanese cumshot horse uncut sweet .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\mssrv.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\american beastiality gay lesbian .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\fucking public cock sm (Samantha).rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\japanese porn xxx hidden (Tatjana).mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\horse [free] (Janette).avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\assembly\temp\sperm big (Karin).rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\american cum trambling masturbation 50+ (Britney,Curtney).mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\norwegian sperm uncut wifey .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\handjob blowjob masturbation (Karin).rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\spanish lesbian [bangbus] .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\japanese kicking lingerie masturbation leather .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\american cum lingerie hot (!) glans boots (Tatjana).avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\german lingerie [free] circumcision .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\Temp\blowjob masturbation balls (Sonja,Melissa).rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\indian gang bang lesbian public upskirt .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\asian hardcore voyeur circumcision .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\kicking trambling full movie YEâPSè& .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\russian horse xxx sleeping .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\french beast uncut (Liz).avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\hardcore voyeur feet high heels .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\tyrkish beastiality blowjob uncut girly .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\african blowjob catfight femdom .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\nude xxx hot (!) hotel .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\british trambling hidden sm .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\black kicking gay sleeping .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\nude lesbian full movie circumcision .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\animal fucking catfight titts .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\asian fucking uncut penetration .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\russian nude sperm uncut cock bedroom (Sarah).mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\gang bang sperm full movie cock .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\spanish gay [bangbus] circumcision .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\african gay uncut .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\bukkake hidden (Jade).avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish kicking blowjob [bangbus] girly .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\porn xxx uncut feet boots .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\african trambling big glans hotel .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2096	349983b7e0e6c22ac0affc900bc89e10N.exe
2608	349983b7e0e6c22ac0affc900bc89e10N.exe
2096	349983b7e0e6c22ac0affc900bc89e10N.exe
2324	349983b7e0e6c22ac0affc900bc89e10N.exe
1572	349983b7e0e6c22ac0affc900bc89e10N.exe
2608	349983b7e0e6c22ac0affc900bc89e10N.exe
2096	349983b7e0e6c22ac0affc900bc89e10N.exe
2548	349983b7e0e6c22ac0affc900bc89e10N.exe
1232	349983b7e0e6c22ac0affc900bc89e10N.exe
2324	349983b7e0e6c22ac0affc900bc89e10N.exe
2648	349983b7e0e6c22ac0affc900bc89e10N.exe
1572	349983b7e0e6c22ac0affc900bc89e10N.exe
3000	349983b7e0e6c22ac0affc900bc89e10N.exe
2608	349983b7e0e6c22ac0affc900bc89e10N.exe
2096	349983b7e0e6c22ac0affc900bc89e10N.exe
2892	349983b7e0e6c22ac0affc900bc89e10N.exe
2548	349983b7e0e6c22ac0affc900bc89e10N.exe
2256	349983b7e0e6c22ac0affc900bc89e10N.exe
2108	349983b7e0e6c22ac0affc900bc89e10N.exe
596	349983b7e0e6c22ac0affc900bc89e10N.exe
1232	349983b7e0e6c22ac0affc900bc89e10N.exe
1572	349983b7e0e6c22ac0affc900bc89e10N.exe
484	349983b7e0e6c22ac0affc900bc89e10N.exe
2324	349983b7e0e6c22ac0affc900bc89e10N.exe
2648	349983b7e0e6c22ac0affc900bc89e10N.exe
2608	349983b7e0e6c22ac0affc900bc89e10N.exe
1456	349983b7e0e6c22ac0affc900bc89e10N.exe
2464	349983b7e0e6c22ac0affc900bc89e10N.exe
2376	349983b7e0e6c22ac0affc900bc89e10N.exe
2096	349983b7e0e6c22ac0affc900bc89e10N.exe
3000	349983b7e0e6c22ac0affc900bc89e10N.exe
1772	349983b7e0e6c22ac0affc900bc89e10N.exe
1164	349983b7e0e6c22ac0affc900bc89e10N.exe
960	349983b7e0e6c22ac0affc900bc89e10N.exe
2892	349983b7e0e6c22ac0affc900bc89e10N.exe
2548	349983b7e0e6c22ac0affc900bc89e10N.exe
2520	349983b7e0e6c22ac0affc900bc89e10N.exe
1232	349983b7e0e6c22ac0affc900bc89e10N.exe
1572	349983b7e0e6c22ac0affc900bc89e10N.exe
1836	349983b7e0e6c22ac0affc900bc89e10N.exe
2256	349983b7e0e6c22ac0affc900bc89e10N.exe
2100	349983b7e0e6c22ac0affc900bc89e10N.exe
1072	349983b7e0e6c22ac0affc900bc89e10N.exe
1472	349983b7e0e6c22ac0affc900bc89e10N.exe
2108	349983b7e0e6c22ac0affc900bc89e10N.exe
2324	349983b7e0e6c22ac0affc900bc89e10N.exe
2608	349983b7e0e6c22ac0affc900bc89e10N.exe
1492	349983b7e0e6c22ac0affc900bc89e10N.exe
352	349983b7e0e6c22ac0affc900bc89e10N.exe
2648	349983b7e0e6c22ac0affc900bc89e10N.exe
1988	349983b7e0e6c22ac0affc900bc89e10N.exe
596	349983b7e0e6c22ac0affc900bc89e10N.exe
1736	349983b7e0e6c22ac0affc900bc89e10N.exe
3000	349983b7e0e6c22ac0affc900bc89e10N.exe
484	349983b7e0e6c22ac0affc900bc89e10N.exe
484	349983b7e0e6c22ac0affc900bc89e10N.exe
2464	349983b7e0e6c22ac0affc900bc89e10N.exe
2464	349983b7e0e6c22ac0affc900bc89e10N.exe
2056	349983b7e0e6c22ac0affc900bc89e10N.exe
2056	349983b7e0e6c22ac0affc900bc89e10N.exe
2268	349983b7e0e6c22ac0affc900bc89e10N.exe
2268	349983b7e0e6c22ac0affc900bc89e10N.exe
1456	349983b7e0e6c22ac0affc900bc89e10N.exe
1456	349983b7e0e6c22ac0affc900bc89e10N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2608	2096	349983b7e0e6c22ac0affc900bc89e10N.exe	30
PID 2096 wrote to memory of 2608	2096	349983b7e0e6c22ac0affc900bc89e10N.exe	30
PID 2096 wrote to memory of 2608	2096	349983b7e0e6c22ac0affc900bc89e10N.exe	30
PID 2096 wrote to memory of 2608	2096	349983b7e0e6c22ac0affc900bc89e10N.exe	30
PID 2608 wrote to memory of 2324	2608	349983b7e0e6c22ac0affc900bc89e10N.exe	31
PID 2608 wrote to memory of 2324	2608	349983b7e0e6c22ac0affc900bc89e10N.exe	31
PID 2608 wrote to memory of 2324	2608	349983b7e0e6c22ac0affc900bc89e10N.exe	31
PID 2608 wrote to memory of 2324	2608	349983b7e0e6c22ac0affc900bc89e10N.exe	31
PID 2096 wrote to memory of 1572	2096	349983b7e0e6c22ac0affc900bc89e10N.exe	32
PID 2096 wrote to memory of 1572	2096	349983b7e0e6c22ac0affc900bc89e10N.exe	32
PID 2096 wrote to memory of 1572	2096	349983b7e0e6c22ac0affc900bc89e10N.exe	32
PID 2096 wrote to memory of 1572	2096	349983b7e0e6c22ac0affc900bc89e10N.exe	32
PID 2324 wrote to memory of 2548	2324	349983b7e0e6c22ac0affc900bc89e10N.exe	33
PID 2324 wrote to memory of 2548	2324	349983b7e0e6c22ac0affc900bc89e10N.exe	33
PID 2324 wrote to memory of 2548	2324	349983b7e0e6c22ac0affc900bc89e10N.exe	33
PID 2324 wrote to memory of 2548	2324	349983b7e0e6c22ac0affc900bc89e10N.exe	33
PID 1572 wrote to memory of 1232	1572	349983b7e0e6c22ac0affc900bc89e10N.exe	34
PID 1572 wrote to memory of 1232	1572	349983b7e0e6c22ac0affc900bc89e10N.exe	34
PID 1572 wrote to memory of 1232	1572	349983b7e0e6c22ac0affc900bc89e10N.exe	34
PID 1572 wrote to memory of 1232	1572	349983b7e0e6c22ac0affc900bc89e10N.exe	34
PID 2608 wrote to memory of 2648	2608	349983b7e0e6c22ac0affc900bc89e10N.exe	35
PID 2608 wrote to memory of 2648	2608	349983b7e0e6c22ac0affc900bc89e10N.exe	35
PID 2608 wrote to memory of 2648	2608	349983b7e0e6c22ac0affc900bc89e10N.exe	35
PID 2608 wrote to memory of 2648	2608	349983b7e0e6c22ac0affc900bc89e10N.exe	35
PID 2096 wrote to memory of 3000	2096	349983b7e0e6c22ac0affc900bc89e10N.exe	36
PID 2096 wrote to memory of 3000	2096	349983b7e0e6c22ac0affc900bc89e10N.exe	36
PID 2096 wrote to memory of 3000	2096	349983b7e0e6c22ac0affc900bc89e10N.exe	36
PID 2096 wrote to memory of 3000	2096	349983b7e0e6c22ac0affc900bc89e10N.exe	36
PID 2548 wrote to memory of 2892	2548	349983b7e0e6c22ac0affc900bc89e10N.exe	37
PID 2548 wrote to memory of 2892	2548	349983b7e0e6c22ac0affc900bc89e10N.exe	37
PID 2548 wrote to memory of 2892	2548	349983b7e0e6c22ac0affc900bc89e10N.exe	37
PID 2548 wrote to memory of 2892	2548	349983b7e0e6c22ac0affc900bc89e10N.exe	37
PID 1232 wrote to memory of 2108	1232	349983b7e0e6c22ac0affc900bc89e10N.exe	38
PID 1232 wrote to memory of 2108	1232	349983b7e0e6c22ac0affc900bc89e10N.exe	38
PID 1232 wrote to memory of 2108	1232	349983b7e0e6c22ac0affc900bc89e10N.exe	38
PID 1232 wrote to memory of 2108	1232	349983b7e0e6c22ac0affc900bc89e10N.exe	38
PID 2324 wrote to memory of 2256	2324	349983b7e0e6c22ac0affc900bc89e10N.exe	39
PID 2324 wrote to memory of 2256	2324	349983b7e0e6c22ac0affc900bc89e10N.exe	39
PID 2324 wrote to memory of 2256	2324	349983b7e0e6c22ac0affc900bc89e10N.exe	39
PID 2324 wrote to memory of 2256	2324	349983b7e0e6c22ac0affc900bc89e10N.exe	39
PID 1572 wrote to memory of 596	1572	349983b7e0e6c22ac0affc900bc89e10N.exe	40
PID 1572 wrote to memory of 596	1572	349983b7e0e6c22ac0affc900bc89e10N.exe	40
PID 1572 wrote to memory of 596	1572	349983b7e0e6c22ac0affc900bc89e10N.exe	40
PID 1572 wrote to memory of 596	1572	349983b7e0e6c22ac0affc900bc89e10N.exe	40
PID 2648 wrote to memory of 484	2648	349983b7e0e6c22ac0affc900bc89e10N.exe	41
PID 2648 wrote to memory of 484	2648	349983b7e0e6c22ac0affc900bc89e10N.exe	41
PID 2648 wrote to memory of 484	2648	349983b7e0e6c22ac0affc900bc89e10N.exe	41
PID 2648 wrote to memory of 484	2648	349983b7e0e6c22ac0affc900bc89e10N.exe	41
PID 2608 wrote to memory of 1456	2608	349983b7e0e6c22ac0affc900bc89e10N.exe	42
PID 2608 wrote to memory of 1456	2608	349983b7e0e6c22ac0affc900bc89e10N.exe	42
PID 2608 wrote to memory of 1456	2608	349983b7e0e6c22ac0affc900bc89e10N.exe	42
PID 2608 wrote to memory of 1456	2608	349983b7e0e6c22ac0affc900bc89e10N.exe	42
PID 2096 wrote to memory of 2376	2096	349983b7e0e6c22ac0affc900bc89e10N.exe	43
PID 2096 wrote to memory of 2376	2096	349983b7e0e6c22ac0affc900bc89e10N.exe	43
PID 2096 wrote to memory of 2376	2096	349983b7e0e6c22ac0affc900bc89e10N.exe	43
PID 2096 wrote to memory of 2376	2096	349983b7e0e6c22ac0affc900bc89e10N.exe	43
PID 3000 wrote to memory of 2464	3000	349983b7e0e6c22ac0affc900bc89e10N.exe	44
PID 3000 wrote to memory of 2464	3000	349983b7e0e6c22ac0affc900bc89e10N.exe	44
PID 3000 wrote to memory of 2464	3000	349983b7e0e6c22ac0affc900bc89e10N.exe	44
PID 3000 wrote to memory of 2464	3000	349983b7e0e6c22ac0affc900bc89e10N.exe	44
PID 2548 wrote to memory of 1772	2548	349983b7e0e6c22ac0affc900bc89e10N.exe	45
PID 2548 wrote to memory of 1772	2548	349983b7e0e6c22ac0affc900bc89e10N.exe	45
PID 2548 wrote to memory of 1772	2548	349983b7e0e6c22ac0affc900bc89e10N.exe	45
PID 2548 wrote to memory of 1772	2548	349983b7e0e6c22ac0affc900bc89e10N.exe	45

C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
"C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2608
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        9⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        10⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        9⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        9⤵
        
        PID:17020
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        9⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        9⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        9⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:16864
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        9⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:15768
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:16904
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        9⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:17168
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:15556
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:17228
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:15748
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:19060
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        9⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:17116
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:19232
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:17216
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:16892
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11016
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:19040
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        9⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        9⤵
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:18480
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:17068
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:10084
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:14884
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:10612
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:19100
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15672
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:19124
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:13552
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:11848
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:10572
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:15616
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:11592
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:17180
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:19132
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:10852
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:10640
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:15604
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:484
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:15448
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15596
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:15776
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:19108
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:352
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:14676
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:9964
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:19212
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11444
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:9168
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:15664
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:304
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:9564
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15388
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:10360
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:13348
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:22908
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:12048
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:9392
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:17004
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1072
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:14696
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:19196
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:13392
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:16832
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11032
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:19116
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:9416
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:17076
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:16840
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:11692
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:8296
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:16916
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1572
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:19140
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:19356
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:11576
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:19084
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:16988
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:16980
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:15580
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15440
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:12160
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:19224
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:19048
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:13400
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:14904
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:19072
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:14644
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:9572
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:11840
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:19348
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:596
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:14704
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:22888
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15460
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:10100
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:17124
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:16924
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11452
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:14928
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:10548
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:15572
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11560
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:22900
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:8448
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:15708
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:9384
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:17028
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:8284
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:14752
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:7340
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:14720
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3000
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:15648
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15716
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11436
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:13332
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:15784
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:19188
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:14664
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:15872
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:10092
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:17136
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11996
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:9200
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:14632
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:10108
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:11232
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:9408
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:16968
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:804
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:16996
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:15632
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:15488
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:10116
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:17108
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:11632
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:7392
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:13384
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:5432
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:9192
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:13364
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2268
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:15548
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:7908
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:15396
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:8176
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:15404
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:6392
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:10524
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:15656
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  PID:3012
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:8844
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:15732
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:6996
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:11024
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:16884
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  PID:4148
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:7692
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:15424
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  PID:5444
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  PID:9176
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  PID:13340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian fetish fucking [free] cock (Kathrin,Sylvia).avi.exe

Filesize
706KB

MD5
8f18d4fef206bab3330d9927731991ba

SHA1
a378046e9df19b04b6be4635e7ae14f810b74c5c

SHA256
9c631826535ddf7b6e7e816c87df7b04554e89111911d244fb10863c22903790

SHA512
2007ef5d354e06f32499abee344cd3724bd578b43a416447d5afe8167859c3415a3e58b40c3a762050edb54cc3f3f0a645d4996fe836df157bc794953341a287

Download Submit
C:\debug.txt

Filesize
183B

MD5
89138270aa9b1dc3c0aaa3b5e7e41308

SHA1
c493a0aaee0d4ad656a037333de3005813ffed03

SHA256
1de64888cf35c257057a95a545be589fca6eeab2c6dff488403993db185a8cf7

SHA512
9b35c42e1bce47636b78e6f88dd3c05372ed8d18f018fd814416e35905dba484712d1eceef65cfea938b3e4973cfcdffbb1d62b38d0606aefcc458adfbb269b7

Download Submit
memory/304-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/352-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/352-145-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/484-157-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/484-138-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/484-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/596-104-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/596-136-0x0000000001EF0000-0x0000000001F1B000-memory.dmp

Filesize
172KB

Download
memory/804-121-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/960-165-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/960-129-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/960-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1072-170-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1072-144-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/1164-122-0x0000000000780000-0x00000000007AB000-memory.dmp

Filesize
172KB

Download
memory/1164-109-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1164-164-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1232-95-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1232-152-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1232-128-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/1456-160-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1456-137-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/1456-117-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/1456-177-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/1472-171-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1472-143-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/1492-114-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1492-174-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1572-93-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1572-130-0x0000000004E50000-0x0000000004E7B000-memory.dmp

Filesize
172KB

Download
memory/1572-149-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1736-115-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1736-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1740-124-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1772-123-0x0000000000550000-0x000000000057B000-memory.dmp

Filesize
172KB

Download
memory/1772-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1772-162-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1836-142-0x0000000005030000-0x000000000505B000-memory.dmp

Filesize
172KB

Download
memory/1836-168-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1836-111-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1988-113-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1988-173-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2056-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2056-119-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2056-154-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/2080-141-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2096-178-0x0000000005C00000-0x0000000005C2B000-memory.dmp

Filesize
172KB

Download
memory/2096-139-0x0000000005C00000-0x0000000005C2B000-memory.dmp

Filesize
172KB

Download
memory/2096-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2096-92-0x0000000005C00000-0x0000000005C2B000-memory.dmp

Filesize
172KB

Download
memory/2096-118-0x0000000005C00000-0x0000000005C2B000-memory.dmp

Filesize
172KB

Download
memory/2096-55-0x0000000005C00000-0x0000000005C2B000-memory.dmp

Filesize
172KB

Download
memory/2096-146-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2096-147-0x0000000005C00000-0x0000000005C2B000-memory.dmp

Filesize
172KB

Download
memory/2100-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2100-112-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2108-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2108-158-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2256-101-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2256-156-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2256-132-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/2268-120-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2268-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2324-150-0x0000000001F20000-0x0000000001F4B000-memory.dmp

Filesize
172KB

Download
memory/2324-91-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2324-94-0x0000000001F20000-0x0000000001F4B000-memory.dmp

Filesize
172KB

Download
memory/2376-159-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2376-140-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/2376-182-0x0000000001EA0000-0x0000000001ECB000-memory.dmp

Filesize
172KB

Download
memory/2464-116-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/2464-176-0x0000000004E30000-0x0000000004E5B000-memory.dmp

Filesize
172KB

Download
memory/2464-161-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2464-105-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2520-184-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/2520-166-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2520-131-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/2528-125-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2528-163-0x0000000004460000-0x000000000448B000-memory.dmp

Filesize
172KB

Download
memory/2548-99-0x00000000045D0000-0x00000000045FB000-memory.dmp

Filesize
172KB

Download
memory/2548-155-0x00000000045D0000-0x00000000045FB000-memory.dmp

Filesize
172KB

Download
memory/2548-151-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2548-127-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/2548-107-0x00000000045E0000-0x000000000460B000-memory.dmp

Filesize
172KB

Download
memory/2608-96-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2608-56-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2608-133-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2608-148-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2632-134-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2648-153-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2648-97-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2648-135-0x0000000004F20000-0x0000000004F4B000-memory.dmp

Filesize
172KB

Download
memory/2724-181-0x00000000006F0000-0x000000000071B000-memory.dmp

Filesize
172KB

Download
memory/2860-167-0x0000000004DE0000-0x0000000004E0B000-memory.dmp

Filesize
172KB

Download
memory/2892-126-0x0000000004D10000-0x0000000004D3B000-memory.dmp

Filesize
172KB

Download
memory/2892-100-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3000-98-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download