7b7ee22d5eeb5c2225173dd0e9c01e780d6f67fa4e35510dfbad536e84bb3742

Analysis

max time kernel
22s
max time network
117s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 01:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3684bd0a78e526ce995358c3b9f02470N.exe
Size

1.9MB
MD5

3684bd0a78e526ce995358c3b9f02470
SHA1

ee098da35c50f6fecf7ac99147f8feacce459b50
SHA256

7b7ee22d5eeb5c2225173dd0e9c01e780d6f67fa4e35510dfbad536e84bb3742
SHA512

96ccafa0f63640c278a11f7f193c1bf62a3a350142c3b982eec3e2ff7f6e5d9ddd75adca2e91424ecd376a799f878db02c16583fac70c8d3b21cc028ec493017
SSDEEP

24576:86KmirvS2rqapB+5J+ZgnBFA9iqEpo8s62PZUCVIYBq+kKMt3QvTdIpjVliHQJqt:5OKQonBiiG8UBUCnBq+kFKepb9VEQi

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	3684bd0a78e526ce995358c3b9f02470N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\H:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\Z:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\E:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\N:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\O:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\R:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\S:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\V:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\W:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\A:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\G:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\I:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\K:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\M:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\Q:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\U:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\X:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\J:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\L:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\P:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\T:	3684bd0a78e526ce995358c3b9f02470N.exe
File opened (read-only)	\??\Y:	3684bd0a78e526ce995358c3b9f02470N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\canadian lesbian uncut mistress (Anniston).avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\SysWOW64\FxsTmp\tyrkish xxx blowjob public hole .zip.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\black horse fucking voyeur \× .mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\SysWOW64\FxsTmp\sperm hot (!) hole 40+ .mpg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\SysWOW64\IME\shared\asian sperm fetish voyeur .mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\chinese cumshot beastiality several models high heels (Sonja,Liz).mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\System32\DriverStore\Temp\canadian bukkake bukkake big wifey .avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\SysWOW64\IME\shared\porn [milf] .rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\cumshot hardcore sleeping high heels .rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian hardcore xxx girls legs .avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black horse handjob [milf] ash .mpg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\american beast [milf] (Liz,Kathrin).mpg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\danish porn xxx lesbian upskirt .zip.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Program Files\DVD Maker\Shared\blowjob voyeur ìï .zip.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\porn hidden feet mistress (Sylvia).rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\fetish big .avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\lesbian action [milf] .avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\indian lesbian fucking [milf] mistress (Gina).avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Program Files (x86)\Google\Temp\fetish masturbation titts .rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Program Files (x86)\Google\Update\Download\swedish lingerie gang bang lesbian bedroom .avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\xxx horse lesbian (Ashley).avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\canadian lesbian catfight (Jenna,Jenna).zip.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\porn sleeping ash .mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Program Files\Windows Journal\Templates\xxx masturbation .avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\hardcore gang bang sleeping .rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\malaysia nude kicking girls hole circumcision (Jade).rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\danish trambling porn licking glans balls .zip.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\hardcore beastiality uncut (Sarah,Sylvia).zip.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\tyrkish cum [milf] latex (Ashley).mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\bukkake trambling [free] glans stockings .rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\Downloaded Program Files\beastiality lesbian feet .mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\american xxx gay [free] ash wifey .avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\japanese handjob full movie latex .mpg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\indian animal uncut (Janette,Tatjana).rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\norwegian blowjob voyeur .mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\african lingerie porn hidden .zip.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\german cumshot big redhair (Karin,Karin).rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\fetish several models cock stockings (Janette,Anniston).mpg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\swedish xxx gay voyeur .mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\canadian cum [free] traffic (Anniston).mpg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\cumshot big .avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\norwegian cum nude big femdom .mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\italian gang bang full movie sweet .rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\indian lesbian animal voyeur .avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\sperm [free] boots .mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\cum girls cock lady .mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\beastiality animal lesbian 40+ .rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\chinese trambling hot (!) glans shoes .zip.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\japanese cumshot sleeping hole shoes .mpg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\cum lesbian nipples 50+ (Ashley,Liz).mpg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\german hardcore horse hot (!) shoes .zip.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\porn kicking several models young .avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\norwegian hardcore kicking girls cock bedroom (Christine).rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\brasilian beastiality full movie penetration .rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\chinese nude porn sleeping cock redhair .rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\african beast nude masturbation .avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\spanish nude full movie beautyfull .rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\italian beast sperm catfight femdom .avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\indian gang bang hardcore [free] .avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\kicking [bangbus] gorgeoushorny .mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\british lingerie lesbian big feet bondage (Kathrin,Christine).zip.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\cumshot [bangbus] penetration .rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\trambling fetish uncut hairy .mpg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\InstallTemp\black lingerie lesbian uncut castration .mpg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\black kicking licking titts .zip.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\assembly\tmp\bukkake uncut femdom (Sandy).rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\sperm blowjob hidden (Gina,Jade).mpg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\norwegian lingerie cumshot [milf] .avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\american gang bang public (Melissa,Kathrin).mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\xxx horse voyeur (Jenna).rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\german animal hidden wifey .rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\lingerie masturbation ìï .mpg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\beastiality fucking [bangbus] (Jade,Kathrin).avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\hardcore fucking public .rar.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\beastiality cumshot licking beautyfull .mpg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\xxx cumshot masturbation girly .mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\assembly\temp\american lingerie [free] hole latex .mpg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\japanese beast gay [milf] (Karin).mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\blowjob girls vagina .avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\canadian hardcore masturbation .zip.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\PLA\Templates\horse fucking several models ash (Melissa).zip.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\chinese fetish several models 40+ .mpg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\canadian cumshot voyeur .mpg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\brasilian cum lesbian (Christine,Samantha).mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\cum public ash mistress .avi.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\SoftwareDistribution\Download\brasilian handjob voyeur mistress (Kathrin).zip.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\hardcore trambling several models boobs (Liz,Tatjana).mpg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\action cum licking bedroom .mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\malaysia handjob big titts .mpeg.exe	3684bd0a78e526ce995358c3b9f02470N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
712	3684bd0a78e526ce995358c3b9f02470N.exe
2720	3684bd0a78e526ce995358c3b9f02470N.exe
712	3684bd0a78e526ce995358c3b9f02470N.exe
2164	3684bd0a78e526ce995358c3b9f02470N.exe
2336	3684bd0a78e526ce995358c3b9f02470N.exe
2720	3684bd0a78e526ce995358c3b9f02470N.exe
712	3684bd0a78e526ce995358c3b9f02470N.exe
2504	3684bd0a78e526ce995358c3b9f02470N.exe
2164	3684bd0a78e526ce995358c3b9f02470N.exe
1900	3684bd0a78e526ce995358c3b9f02470N.exe
1208	3684bd0a78e526ce995358c3b9f02470N.exe
2720	3684bd0a78e526ce995358c3b9f02470N.exe
2336	3684bd0a78e526ce995358c3b9f02470N.exe
3068	3684bd0a78e526ce995358c3b9f02470N.exe
712	3684bd0a78e526ce995358c3b9f02470N.exe
2152	3684bd0a78e526ce995358c3b9f02470N.exe
2248	3684bd0a78e526ce995358c3b9f02470N.exe
2504	3684bd0a78e526ce995358c3b9f02470N.exe
2164	3684bd0a78e526ce995358c3b9f02470N.exe
2104	3684bd0a78e526ce995358c3b9f02470N.exe
2284	3684bd0a78e526ce995358c3b9f02470N.exe
2128	3684bd0a78e526ce995358c3b9f02470N.exe
1208	3684bd0a78e526ce995358c3b9f02470N.exe
2220	3684bd0a78e526ce995358c3b9f02470N.exe
1900	3684bd0a78e526ce995358c3b9f02470N.exe
3056	3684bd0a78e526ce995358c3b9f02470N.exe
2720	3684bd0a78e526ce995358c3b9f02470N.exe
2336	3684bd0a78e526ce995358c3b9f02470N.exe
3068	3684bd0a78e526ce995358c3b9f02470N.exe
1112	3684bd0a78e526ce995358c3b9f02470N.exe
712	3684bd0a78e526ce995358c3b9f02470N.exe
1600	3684bd0a78e526ce995358c3b9f02470N.exe
2736	3684bd0a78e526ce995358c3b9f02470N.exe
2364	3684bd0a78e526ce995358c3b9f02470N.exe
2248	3684bd0a78e526ce995358c3b9f02470N.exe
2152	3684bd0a78e526ce995358c3b9f02470N.exe
2488	3684bd0a78e526ce995358c3b9f02470N.exe
1072	3684bd0a78e526ce995358c3b9f02470N.exe
2504	3684bd0a78e526ce995358c3b9f02470N.exe
2164	3684bd0a78e526ce995358c3b9f02470N.exe
2104	3684bd0a78e526ce995358c3b9f02470N.exe
2368	3684bd0a78e526ce995358c3b9f02470N.exe
2284	3684bd0a78e526ce995358c3b9f02470N.exe
2284	3684bd0a78e526ce995358c3b9f02470N.exe
768	3684bd0a78e526ce995358c3b9f02470N.exe
768	3684bd0a78e526ce995358c3b9f02470N.exe
2460	3684bd0a78e526ce995358c3b9f02470N.exe
2460	3684bd0a78e526ce995358c3b9f02470N.exe
1088	3684bd0a78e526ce995358c3b9f02470N.exe
1088	3684bd0a78e526ce995358c3b9f02470N.exe
2264	3684bd0a78e526ce995358c3b9f02470N.exe
2264	3684bd0a78e526ce995358c3b9f02470N.exe
1208	3684bd0a78e526ce995358c3b9f02470N.exe
1208	3684bd0a78e526ce995358c3b9f02470N.exe
2128	3684bd0a78e526ce995358c3b9f02470N.exe
2128	3684bd0a78e526ce995358c3b9f02470N.exe
2644	3684bd0a78e526ce995358c3b9f02470N.exe
2644	3684bd0a78e526ce995358c3b9f02470N.exe
2324	3684bd0a78e526ce995358c3b9f02470N.exe
2324	3684bd0a78e526ce995358c3b9f02470N.exe
1900	3684bd0a78e526ce995358c3b9f02470N.exe
1900	3684bd0a78e526ce995358c3b9f02470N.exe
1900	3684bd0a78e526ce995358c3b9f02470N.exe
2336	3684bd0a78e526ce995358c3b9f02470N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 712 wrote to memory of 2720	712	3684bd0a78e526ce995358c3b9f02470N.exe	30
PID 712 wrote to memory of 2720	712	3684bd0a78e526ce995358c3b9f02470N.exe	30
PID 712 wrote to memory of 2720	712	3684bd0a78e526ce995358c3b9f02470N.exe	30
PID 712 wrote to memory of 2720	712	3684bd0a78e526ce995358c3b9f02470N.exe	30
PID 2720 wrote to memory of 2164	2720	3684bd0a78e526ce995358c3b9f02470N.exe	31
PID 2720 wrote to memory of 2164	2720	3684bd0a78e526ce995358c3b9f02470N.exe	31
PID 2720 wrote to memory of 2164	2720	3684bd0a78e526ce995358c3b9f02470N.exe	31
PID 2720 wrote to memory of 2164	2720	3684bd0a78e526ce995358c3b9f02470N.exe	31
PID 712 wrote to memory of 2336	712	3684bd0a78e526ce995358c3b9f02470N.exe	32
PID 712 wrote to memory of 2336	712	3684bd0a78e526ce995358c3b9f02470N.exe	32
PID 712 wrote to memory of 2336	712	3684bd0a78e526ce995358c3b9f02470N.exe	32
PID 712 wrote to memory of 2336	712	3684bd0a78e526ce995358c3b9f02470N.exe	32
PID 2164 wrote to memory of 2504	2164	3684bd0a78e526ce995358c3b9f02470N.exe	33
PID 2164 wrote to memory of 2504	2164	3684bd0a78e526ce995358c3b9f02470N.exe	33
PID 2164 wrote to memory of 2504	2164	3684bd0a78e526ce995358c3b9f02470N.exe	33
PID 2164 wrote to memory of 2504	2164	3684bd0a78e526ce995358c3b9f02470N.exe	33
PID 2720 wrote to memory of 1208	2720	3684bd0a78e526ce995358c3b9f02470N.exe	34
PID 2720 wrote to memory of 1208	2720	3684bd0a78e526ce995358c3b9f02470N.exe	34
PID 2720 wrote to memory of 1208	2720	3684bd0a78e526ce995358c3b9f02470N.exe	34
PID 2720 wrote to memory of 1208	2720	3684bd0a78e526ce995358c3b9f02470N.exe	34
PID 2336 wrote to memory of 1900	2336	3684bd0a78e526ce995358c3b9f02470N.exe	35
PID 2336 wrote to memory of 1900	2336	3684bd0a78e526ce995358c3b9f02470N.exe	35
PID 2336 wrote to memory of 1900	2336	3684bd0a78e526ce995358c3b9f02470N.exe	35
PID 2336 wrote to memory of 1900	2336	3684bd0a78e526ce995358c3b9f02470N.exe	35
PID 712 wrote to memory of 3068	712	3684bd0a78e526ce995358c3b9f02470N.exe	36
PID 712 wrote to memory of 3068	712	3684bd0a78e526ce995358c3b9f02470N.exe	36
PID 712 wrote to memory of 3068	712	3684bd0a78e526ce995358c3b9f02470N.exe	36
PID 712 wrote to memory of 3068	712	3684bd0a78e526ce995358c3b9f02470N.exe	36
PID 2504 wrote to memory of 2152	2504	3684bd0a78e526ce995358c3b9f02470N.exe	37
PID 2504 wrote to memory of 2152	2504	3684bd0a78e526ce995358c3b9f02470N.exe	37
PID 2504 wrote to memory of 2152	2504	3684bd0a78e526ce995358c3b9f02470N.exe	37
PID 2504 wrote to memory of 2152	2504	3684bd0a78e526ce995358c3b9f02470N.exe	37
PID 2164 wrote to memory of 2248	2164	3684bd0a78e526ce995358c3b9f02470N.exe	38
PID 2164 wrote to memory of 2248	2164	3684bd0a78e526ce995358c3b9f02470N.exe	38
PID 2164 wrote to memory of 2248	2164	3684bd0a78e526ce995358c3b9f02470N.exe	38
PID 2164 wrote to memory of 2248	2164	3684bd0a78e526ce995358c3b9f02470N.exe	38
PID 1900 wrote to memory of 2104	1900	3684bd0a78e526ce995358c3b9f02470N.exe	39
PID 1900 wrote to memory of 2104	1900	3684bd0a78e526ce995358c3b9f02470N.exe	39
PID 1900 wrote to memory of 2104	1900	3684bd0a78e526ce995358c3b9f02470N.exe	39
PID 1900 wrote to memory of 2104	1900	3684bd0a78e526ce995358c3b9f02470N.exe	39
PID 1208 wrote to memory of 2284	1208	3684bd0a78e526ce995358c3b9f02470N.exe	40
PID 1208 wrote to memory of 2284	1208	3684bd0a78e526ce995358c3b9f02470N.exe	40
PID 1208 wrote to memory of 2284	1208	3684bd0a78e526ce995358c3b9f02470N.exe	40
PID 1208 wrote to memory of 2284	1208	3684bd0a78e526ce995358c3b9f02470N.exe	40
PID 2720 wrote to memory of 2220	2720	3684bd0a78e526ce995358c3b9f02470N.exe	41
PID 2720 wrote to memory of 2220	2720	3684bd0a78e526ce995358c3b9f02470N.exe	41
PID 2720 wrote to memory of 2220	2720	3684bd0a78e526ce995358c3b9f02470N.exe	41
PID 2720 wrote to memory of 2220	2720	3684bd0a78e526ce995358c3b9f02470N.exe	41
PID 2336 wrote to memory of 2128	2336	3684bd0a78e526ce995358c3b9f02470N.exe	42
PID 2336 wrote to memory of 2128	2336	3684bd0a78e526ce995358c3b9f02470N.exe	42
PID 2336 wrote to memory of 2128	2336	3684bd0a78e526ce995358c3b9f02470N.exe	42
PID 2336 wrote to memory of 2128	2336	3684bd0a78e526ce995358c3b9f02470N.exe	42
PID 3068 wrote to memory of 3056	3068	3684bd0a78e526ce995358c3b9f02470N.exe	43
PID 3068 wrote to memory of 3056	3068	3684bd0a78e526ce995358c3b9f02470N.exe	43
PID 3068 wrote to memory of 3056	3068	3684bd0a78e526ce995358c3b9f02470N.exe	43
PID 3068 wrote to memory of 3056	3068	3684bd0a78e526ce995358c3b9f02470N.exe	43
PID 712 wrote to memory of 1112	712	3684bd0a78e526ce995358c3b9f02470N.exe	44
PID 712 wrote to memory of 1112	712	3684bd0a78e526ce995358c3b9f02470N.exe	44
PID 712 wrote to memory of 1112	712	3684bd0a78e526ce995358c3b9f02470N.exe	44
PID 712 wrote to memory of 1112	712	3684bd0a78e526ce995358c3b9f02470N.exe	44
PID 2248 wrote to memory of 2736	2248	3684bd0a78e526ce995358c3b9f02470N.exe	45
PID 2248 wrote to memory of 2736	2248	3684bd0a78e526ce995358c3b9f02470N.exe	45
PID 2248 wrote to memory of 2736	2248	3684bd0a78e526ce995358c3b9f02470N.exe	45
PID 2248 wrote to memory of 2736	2248	3684bd0a78e526ce995358c3b9f02470N.exe	45

C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
"C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:712
- C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
  "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        9⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        10⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        11⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        10⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        10⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        9⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        9⤵
        
        PID:19560
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        9⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        9⤵
        
        PID:20120
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        9⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:19620
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        9⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        9⤵
        
        PID:18568
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:19568
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:20372
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:19472
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        9⤵
        
        PID:18868
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        9⤵
        
        PID:20356
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:20060
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:19148
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:19512
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:18540
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:19968
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:19736
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        9⤵
        
        PID:18552
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:20044
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:19752
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:19300
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:14400
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:19284
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:18584
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:18932
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:18528
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:20260
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:20244
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19712
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:14352
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        9⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        9⤵
        
        PID:18624
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:19060
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:20068
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:156
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:20040
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:20080
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:18892
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:18884
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:19076
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:20172
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:20348
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:20188
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:848
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:20420
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:20308
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:20156
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:20236
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:19324
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:12020
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:20180
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19800
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:14680
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19292
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:19348
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:20452
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:11344
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:18852
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19452
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:12176
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:20228
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:7392
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:19364
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:12036
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:9800
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:8324
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        9⤵
        
        PID:19380
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:18600
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:19204
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:18836
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:20404
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:12028
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:19340
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:19816
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:19824
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19744
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:18996
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19840
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:9416
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:20052
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:19676
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19808
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:20396
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:20212
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:19036
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:20388
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19164
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19436
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:20104
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:18608
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:7880
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:20276
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:8840
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:19020
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:20436
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:18956
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19504
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:11208
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:18616
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19068
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9156
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:20196
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:19604
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:11240
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:19100
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:20112
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:18844
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19172
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:19552
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:9400
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:8328
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:20316
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:14360
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:20916
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:19628
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:20088
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:6364
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:5352
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:10460
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:20332
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:4524
- C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
  "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2336
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        9⤵
        
        PID:19408
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:19768
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:20136
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:19228
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:19084
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:19760
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:19116
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:20460
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:19784
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:18972
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:18320
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19832
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:20128
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:19536
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:18876
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:10336
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:19396
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:10412
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19276
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:20284
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19636
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19268
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:20204
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:19464
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:18592
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:20252
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:768
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        8⤵
        
        PID:18632
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:20428
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19156
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:18576
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:18916
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:18924
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19528
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:18940
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:18980
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19356
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:19140
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19236
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:18908
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:19052
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:19700
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19044
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:20412
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:20340
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:20220
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:7960
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:20292
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:19012
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:12128
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:10796
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:20036
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:9712
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:19004
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:19576
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:10452
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:4292
- C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
  "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:20468
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:18988
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19792
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:20300
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:19092
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19520
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:8452
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:18860
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:19132
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:11224
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:17700
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19220
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:10812
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19544
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:10820
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:20380
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:17612
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:12136
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:6500
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:9472
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:8264
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:20444
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:11596
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:9392
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:19492
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:19028
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:19480
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:10444
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:8128
- C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
  "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:920
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        7⤵
        
        PID:19416
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19612
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        6⤵
        
        PID:19212
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:6240
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:19316
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:3284
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:9960
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:20164
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:7576
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:7340
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:19332
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:8936
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:10780
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:5348
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:6756
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:19124
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:11156
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:18560
- C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
  "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
  2⤵
  PID:1552
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:20148
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:18900
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
        5⤵
        
        PID:20324
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:6496
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:20364
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:10436
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:8932
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:8244
- C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
  "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
  2⤵
  PID:3112
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:9828
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:20268
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:9824
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:12044
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:20476
- C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
  "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
  2⤵
  PID:4396
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:8100
  - - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
      "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
      4⤵
      PID:19308
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:18964
- C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
  "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
  2⤵
  PID:6804
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:9280
- - C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
    "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
    3⤵
    PID:19252
- C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
  "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
  2⤵
  PID:11216
- C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe
  "C:\Users\Admin\AppData\Local\Temp\3684bd0a78e526ce995358c3b9f02470N.exe"
  2⤵
  PID:19108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\porn hidden feet mistress (Sylvia).rar.exe

Filesize
1.7MB

MD5
9b6b3f496853463f99c04aa562601b76

SHA1
fa902620ae68e871e6938d1b40dd94843a73bd6f

SHA256
fef8e177c97350645c0a2c70fef2d1e0d904bbdcc98065003552382a874f9e6c

SHA512
422cbb88617e7602dde46b5606734c49c58a0e9042219f626fc8a4a65eb46dfaadb80353ae8d3267ba3cd34ab5506e53da90d60c5ccf1fe3d6987c90b12523ea

Download Submit
C:\debug.txt

Filesize
183B

MD5
d8c0c8bf810b5b3be5e1182ee26fa9e9

SHA1
11da57a6986f13d680358a3aa4a774ab14b4b00c

SHA256
ac88c343d479d2df1c463f83c306af2052e002ea17f9b363f43056e6e2ab70c7

SHA512
e4da2b01b3e3b094a989e861892b26b22f74cc9b4b1cdc5bb43c142587e0d9e14c040e75eafb1ecd2c0b3079d5e7a2399499fdea4a1d6b211fb4c43cccd56b9d

Download Submit