3ab98b4b2d5e8507fbf90512a30967e26c478a5b8445874abf9ab3a42691eb49

Analysis

max time kernel
23s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4048bce9a003ee83f36c09e1315688c0N.exe
Size

197KB
MD5

4048bce9a003ee83f36c09e1315688c0
SHA1

8420a05d78b603730b7f91db6d4c8293e508d6e7
SHA256

3ab98b4b2d5e8507fbf90512a30967e26c478a5b8445874abf9ab3a42691eb49
SHA512

90afb14aa4cee32d4472c2e3baaad843cd38742c0fe075086fa651eeb9e3b92c1ae6ead7411ce1cc0712c189f4d46d66161fad144c4a8805d5e19118f1c55f90
SSDEEP

6144:VjluQoSv4DSIo5R4nM/40yDsviiqpVpbHOFSLv5mLYGTT:VEQoSfqwv6p6kTQL7

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2972-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/files/0x0007000000016cb2-5.dat	upx
behavioral1/memory/2964-62-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3064-92-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1256-94-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1788-95-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2840-96-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1792-97-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2972-101-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1988-100-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2964-104-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3064-105-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2852-109-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1248-107-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2600-106-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2708-115-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2840-114-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1256-111-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1788-113-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3012-116-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1988-118-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1944-121-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2712-120-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2972-119-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/816-123-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2600-122-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2852-124-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1392-132-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1632-129-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2428-128-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1536-135-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/264-134-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1400-131-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2708-130-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3012-133-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1492-144-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2264-149-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/800-148-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2532-150-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1392-147-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1632-143-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1516-142-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1400-145-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1640-139-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/816-138-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1944-136-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1672-156-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/916-155-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1536-152-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1640-157-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1728-159-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/896-163-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2264-165-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/800-164-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2532-169-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2968-173-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2796-175-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2904-177-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2912-179-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2736-182-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2808-186-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2816-183-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2972-336-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2972-502-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4048bce9a003ee83f36c09e1315688c0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\S:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\T:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\V:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\G:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\O:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\Y:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\U:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\B:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\E:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\J:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\K:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\L:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\M:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\Q:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\W:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\X:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\Z:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\A:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\H:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\N:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\P:	4048bce9a003ee83f36c09e1315688c0N.exe
File opened (read-only)	\??\R:	4048bce9a003ee83f36c09e1315688c0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian nude hidden ash (Sonja,Sonja).avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\chinese lingerie licking cock traffic (Sonja,Britney).rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SysWOW64\IME\shared\hardcore full movie sm (Tatjana).mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\System32\DriverStore\Temp\japanese nude [bangbus] (Jenna).zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\fetish uncut .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\beast bukkake catfight legs redhair .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SysWOW64\IME\shared\brasilian beast public hole (Sylvia,Janette).avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\porn [bangbus] glans beautyfull (Christine,Sandy).mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\gay action sleeping lady .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\asian action animal [milf] hole .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\norwegian action blowjob full movie stockings .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\american kicking xxx licking titts .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\malaysia nude kicking lesbian traffic .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\german horse blowjob masturbation fishy (Jenna,Karin).mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\xxx [bangbus] sweet .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\british lingerie girls wifey (Kathrin).mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files\DVD Maker\Shared\hardcore girls .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files\Windows Journal\Templates\french gang bang licking (Jenna,Karin).avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\sperm cumshot lesbian feet .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Google\Temp\german gay kicking several models feet fishy .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\german blowjob trambling several models (Britney).mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\russian porn masturbation .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\italian action catfight shower .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\african cumshot blowjob catfight fishy (Sarah).mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\norwegian fucking catfight glans shoes .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\malaysia xxx big swallow .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\fetish several models .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\black fucking full movie penetration .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\beastiality beast big .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\spanish trambling hidden .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\spanish lesbian uncut vagina .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\danish horse licking blondie .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\cum public ash sm .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\blowjob sleeping young .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\blowjob xxx hot (!) .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\chinese horse big sweet .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\asian handjob sperm girls boots .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\kicking girls .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\beast public mistress .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\cumshot hot (!) cock hotel .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\spanish animal big titts circumcision .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\Temp\trambling sleeping boobs castration (Karin,Curtney).rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\american lingerie fucking [free] girly .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\Downloaded Program Files\spanish horse sperm several models (Sarah,Jenna).rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\norwegian horse [free] .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\handjob xxx licking .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\german lesbian public .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\japanese cum several models (Sarah,Jenna).mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\xxx kicking [free] ash (Sylvia,Sonja).rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\russian trambling [milf] glans boots (Kathrin,Melissa).mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\tyrkish gang bang fucking [bangbus] beautyfull .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\cum [bangbus] black hairunshaved .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\malaysia blowjob horse voyeur .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\SoftwareDistribution\Download\japanese porn hidden .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\lingerie uncut femdom (Tatjana,Curtney).rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\brasilian xxx several models cock lady .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\american gay gang bang masturbation (Jade,Britney).mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\brasilian horse catfight .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\lingerie cumshot [free] nipples swallow .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\trambling gang bang sleeping hole .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\nude several models boobs high heels (Jenna,Karin).mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\swedish porn uncut titts 50+ (Karin,Jenna).zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\british horse several models (Janette,Sonja).mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\InstallTemp\lingerie xxx masturbation wifey .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\russian xxx catfight glans (Melissa,Karin).mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\handjob catfight cock sm .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\japanese fetish full movie .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\italian horse hidden titts hotel .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\malaysia action horse several models .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\fetish lesbian nipples .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\canadian horse animal hidden ash (Melissa,Sarah).rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\xxx hot (!) .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\lesbian bukkake uncut (Gina).mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\animal hidden .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\german porn hardcore catfight redhair (Kathrin).avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\porn voyeur fishy (Christine).mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\nude voyeur femdom .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\xxx [milf] stockings (Tatjana).zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\british blowjob handjob licking boots .rar.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\fucking lesbian vagina shower .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\russian action animal full movie .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\fucking lingerie voyeur traffic (Melissa).avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\swedish nude [bangbus] .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\hardcore voyeur .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\norwegian kicking voyeur .mpg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\canadian cumshot kicking licking .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\horse gang bang several models sweet .mpeg.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\horse cumshot [free] hole ejaculation .zip.exe	4048bce9a003ee83f36c09e1315688c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\asian lesbian hidden .avi.exe	4048bce9a003ee83f36c09e1315688c0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2972	4048bce9a003ee83f36c09e1315688c0N.exe
2964	4048bce9a003ee83f36c09e1315688c0N.exe
2972	4048bce9a003ee83f36c09e1315688c0N.exe
3064	4048bce9a003ee83f36c09e1315688c0N.exe
1248	4048bce9a003ee83f36c09e1315688c0N.exe
2964	4048bce9a003ee83f36c09e1315688c0N.exe
2972	4048bce9a003ee83f36c09e1315688c0N.exe
1256	4048bce9a003ee83f36c09e1315688c0N.exe
1788	4048bce9a003ee83f36c09e1315688c0N.exe
2840	4048bce9a003ee83f36c09e1315688c0N.exe
3064	4048bce9a003ee83f36c09e1315688c0N.exe
1792	4048bce9a003ee83f36c09e1315688c0N.exe
2964	4048bce9a003ee83f36c09e1315688c0N.exe
1248	4048bce9a003ee83f36c09e1315688c0N.exe
2972	4048bce9a003ee83f36c09e1315688c0N.exe
1988	4048bce9a003ee83f36c09e1315688c0N.exe
2712	4048bce9a003ee83f36c09e1315688c0N.exe
2600	4048bce9a003ee83f36c09e1315688c0N.exe
2852	4048bce9a003ee83f36c09e1315688c0N.exe
1256	4048bce9a003ee83f36c09e1315688c0N.exe
3064	4048bce9a003ee83f36c09e1315688c0N.exe
2708	4048bce9a003ee83f36c09e1315688c0N.exe
1788	4048bce9a003ee83f36c09e1315688c0N.exe
2840	4048bce9a003ee83f36c09e1315688c0N.exe
2964	4048bce9a003ee83f36c09e1315688c0N.exe
2428	4048bce9a003ee83f36c09e1315688c0N.exe
3012	4048bce9a003ee83f36c09e1315688c0N.exe
1248	4048bce9a003ee83f36c09e1315688c0N.exe
264	4048bce9a003ee83f36c09e1315688c0N.exe
1792	4048bce9a003ee83f36c09e1315688c0N.exe
2972	4048bce9a003ee83f36c09e1315688c0N.exe
816	4048bce9a003ee83f36c09e1315688c0N.exe
1944	4048bce9a003ee83f36c09e1315688c0N.exe
1632	4048bce9a003ee83f36c09e1315688c0N.exe
1988	4048bce9a003ee83f36c09e1315688c0N.exe
1516	4048bce9a003ee83f36c09e1315688c0N.exe
2712	4048bce9a003ee83f36c09e1315688c0N.exe
1400	4048bce9a003ee83f36c09e1315688c0N.exe
1492	4048bce9a003ee83f36c09e1315688c0N.exe
1392	4048bce9a003ee83f36c09e1315688c0N.exe
2852	4048bce9a003ee83f36c09e1315688c0N.exe
2600	4048bce9a003ee83f36c09e1315688c0N.exe
1536	4048bce9a003ee83f36c09e1315688c0N.exe
1788	4048bce9a003ee83f36c09e1315688c0N.exe
916	4048bce9a003ee83f36c09e1315688c0N.exe
1256	4048bce9a003ee83f36c09e1315688c0N.exe
1672	4048bce9a003ee83f36c09e1315688c0N.exe
3064	4048bce9a003ee83f36c09e1315688c0N.exe
1640	4048bce9a003ee83f36c09e1315688c0N.exe
2708	4048bce9a003ee83f36c09e1315688c0N.exe
2964	4048bce9a003ee83f36c09e1315688c0N.exe
1248	4048bce9a003ee83f36c09e1315688c0N.exe
2840	4048bce9a003ee83f36c09e1315688c0N.exe
1728	4048bce9a003ee83f36c09e1315688c0N.exe
896	4048bce9a003ee83f36c09e1315688c0N.exe
800	4048bce9a003ee83f36c09e1315688c0N.exe
2264	4048bce9a003ee83f36c09e1315688c0N.exe
2532	4048bce9a003ee83f36c09e1315688c0N.exe
1792	4048bce9a003ee83f36c09e1315688c0N.exe
1792	4048bce9a003ee83f36c09e1315688c0N.exe
3012	4048bce9a003ee83f36c09e1315688c0N.exe
3012	4048bce9a003ee83f36c09e1315688c0N.exe
2428	4048bce9a003ee83f36c09e1315688c0N.exe
2428	4048bce9a003ee83f36c09e1315688c0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2964	2972	4048bce9a003ee83f36c09e1315688c0N.exe	30
PID 2972 wrote to memory of 2964	2972	4048bce9a003ee83f36c09e1315688c0N.exe	30
PID 2972 wrote to memory of 2964	2972	4048bce9a003ee83f36c09e1315688c0N.exe	30
PID 2972 wrote to memory of 2964	2972	4048bce9a003ee83f36c09e1315688c0N.exe	30
PID 2964 wrote to memory of 3064	2964	4048bce9a003ee83f36c09e1315688c0N.exe	31
PID 2964 wrote to memory of 3064	2964	4048bce9a003ee83f36c09e1315688c0N.exe	31
PID 2964 wrote to memory of 3064	2964	4048bce9a003ee83f36c09e1315688c0N.exe	31
PID 2964 wrote to memory of 3064	2964	4048bce9a003ee83f36c09e1315688c0N.exe	31
PID 2972 wrote to memory of 1248	2972	4048bce9a003ee83f36c09e1315688c0N.exe	32
PID 2972 wrote to memory of 1248	2972	4048bce9a003ee83f36c09e1315688c0N.exe	32
PID 2972 wrote to memory of 1248	2972	4048bce9a003ee83f36c09e1315688c0N.exe	32
PID 2972 wrote to memory of 1248	2972	4048bce9a003ee83f36c09e1315688c0N.exe	32
PID 3064 wrote to memory of 1256	3064	4048bce9a003ee83f36c09e1315688c0N.exe	33
PID 3064 wrote to memory of 1256	3064	4048bce9a003ee83f36c09e1315688c0N.exe	33
PID 3064 wrote to memory of 1256	3064	4048bce9a003ee83f36c09e1315688c0N.exe	33
PID 3064 wrote to memory of 1256	3064	4048bce9a003ee83f36c09e1315688c0N.exe	33
PID 2964 wrote to memory of 1788	2964	4048bce9a003ee83f36c09e1315688c0N.exe	34
PID 2964 wrote to memory of 1788	2964	4048bce9a003ee83f36c09e1315688c0N.exe	34
PID 2964 wrote to memory of 1788	2964	4048bce9a003ee83f36c09e1315688c0N.exe	34
PID 2964 wrote to memory of 1788	2964	4048bce9a003ee83f36c09e1315688c0N.exe	34
PID 1248 wrote to memory of 2840	1248	4048bce9a003ee83f36c09e1315688c0N.exe	35
PID 1248 wrote to memory of 2840	1248	4048bce9a003ee83f36c09e1315688c0N.exe	35
PID 1248 wrote to memory of 2840	1248	4048bce9a003ee83f36c09e1315688c0N.exe	35
PID 1248 wrote to memory of 2840	1248	4048bce9a003ee83f36c09e1315688c0N.exe	35
PID 2972 wrote to memory of 1792	2972	4048bce9a003ee83f36c09e1315688c0N.exe	36
PID 2972 wrote to memory of 1792	2972	4048bce9a003ee83f36c09e1315688c0N.exe	36
PID 2972 wrote to memory of 1792	2972	4048bce9a003ee83f36c09e1315688c0N.exe	36
PID 2972 wrote to memory of 1792	2972	4048bce9a003ee83f36c09e1315688c0N.exe	36
PID 1256 wrote to memory of 1988	1256	4048bce9a003ee83f36c09e1315688c0N.exe	37
PID 1256 wrote to memory of 1988	1256	4048bce9a003ee83f36c09e1315688c0N.exe	37
PID 1256 wrote to memory of 1988	1256	4048bce9a003ee83f36c09e1315688c0N.exe	37
PID 1256 wrote to memory of 1988	1256	4048bce9a003ee83f36c09e1315688c0N.exe	37
PID 3064 wrote to memory of 2600	3064	4048bce9a003ee83f36c09e1315688c0N.exe	38
PID 3064 wrote to memory of 2600	3064	4048bce9a003ee83f36c09e1315688c0N.exe	38
PID 3064 wrote to memory of 2600	3064	4048bce9a003ee83f36c09e1315688c0N.exe	38
PID 3064 wrote to memory of 2600	3064	4048bce9a003ee83f36c09e1315688c0N.exe	38
PID 2840 wrote to memory of 2712	2840	4048bce9a003ee83f36c09e1315688c0N.exe	39
PID 2840 wrote to memory of 2712	2840	4048bce9a003ee83f36c09e1315688c0N.exe	39
PID 2840 wrote to memory of 2712	2840	4048bce9a003ee83f36c09e1315688c0N.exe	39
PID 2840 wrote to memory of 2712	2840	4048bce9a003ee83f36c09e1315688c0N.exe	39
PID 1788 wrote to memory of 2852	1788	4048bce9a003ee83f36c09e1315688c0N.exe	40
PID 1788 wrote to memory of 2852	1788	4048bce9a003ee83f36c09e1315688c0N.exe	40
PID 1788 wrote to memory of 2852	1788	4048bce9a003ee83f36c09e1315688c0N.exe	40
PID 1788 wrote to memory of 2852	1788	4048bce9a003ee83f36c09e1315688c0N.exe	40
PID 2964 wrote to memory of 2428	2964	4048bce9a003ee83f36c09e1315688c0N.exe	41
PID 2964 wrote to memory of 2428	2964	4048bce9a003ee83f36c09e1315688c0N.exe	41
PID 2964 wrote to memory of 2428	2964	4048bce9a003ee83f36c09e1315688c0N.exe	41
PID 2964 wrote to memory of 2428	2964	4048bce9a003ee83f36c09e1315688c0N.exe	41
PID 1248 wrote to memory of 2708	1248	4048bce9a003ee83f36c09e1315688c0N.exe	42
PID 1248 wrote to memory of 2708	1248	4048bce9a003ee83f36c09e1315688c0N.exe	42
PID 1248 wrote to memory of 2708	1248	4048bce9a003ee83f36c09e1315688c0N.exe	42
PID 1248 wrote to memory of 2708	1248	4048bce9a003ee83f36c09e1315688c0N.exe	42
PID 1792 wrote to memory of 3012	1792	4048bce9a003ee83f36c09e1315688c0N.exe	43
PID 1792 wrote to memory of 3012	1792	4048bce9a003ee83f36c09e1315688c0N.exe	43
PID 1792 wrote to memory of 3012	1792	4048bce9a003ee83f36c09e1315688c0N.exe	43
PID 1792 wrote to memory of 3012	1792	4048bce9a003ee83f36c09e1315688c0N.exe	43
PID 2972 wrote to memory of 264	2972	4048bce9a003ee83f36c09e1315688c0N.exe	44
PID 2972 wrote to memory of 264	2972	4048bce9a003ee83f36c09e1315688c0N.exe	44
PID 2972 wrote to memory of 264	2972	4048bce9a003ee83f36c09e1315688c0N.exe	44
PID 2972 wrote to memory of 264	2972	4048bce9a003ee83f36c09e1315688c0N.exe	44
PID 1988 wrote to memory of 1944	1988	4048bce9a003ee83f36c09e1315688c0N.exe	45
PID 1988 wrote to memory of 1944	1988	4048bce9a003ee83f36c09e1315688c0N.exe	45
PID 1988 wrote to memory of 1944	1988	4048bce9a003ee83f36c09e1315688c0N.exe	45
PID 1988 wrote to memory of 1944	1988	4048bce9a003ee83f36c09e1315688c0N.exe	45

C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
"C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2964
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        10⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        10⤵
        
        PID:22236
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        10⤵
        
        PID:27888
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:18524
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:22432
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:16544
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:22396
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:16460
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:22380
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:27568
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:17576
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:22540
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:21664
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:26772
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:24676
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:19196
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:22488
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:26412
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:22284
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:12800
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:17392
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:27536
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13328
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:24044
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:28064
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:22524
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:13772
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:26332
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:26544
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:22688
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:26308
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:22388
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10284
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:23364
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:156
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10428
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:21696
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:22312
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:27176
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9092
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:27028
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:26984
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:19132
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:21508
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:16480
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:22300
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:23228
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:14068
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:17820
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:13948
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:27472
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:22144
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:21612
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:22972
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:26496
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:13708
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:26364
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:19140
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:23336
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:26348
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:17256
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:27596
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:14140
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:26068
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:14356
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:26196
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:22632
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13756
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:22600
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13240
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:23328
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:27588
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:9124
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:17372
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5028
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:26560
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:17248
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:22212
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:17440
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:26268
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:26992
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:22444
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:26324
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:26420
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:13892
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:26436
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:22228
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:15652
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9828
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:17488
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:27480
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:16560
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13940
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:22220
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:26316
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:25732
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10492
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:14636
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:12304
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:22460
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17328
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:28096
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:14724
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:24668
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:28048
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:26444
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17472
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:27528
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13428
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:27576
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:15528
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:8796
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:14220
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:26260
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:17348
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:27488
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:17416
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:27504
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:23136
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:22204
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:27008
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:17272
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:27520
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:21540
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17400
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7424
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13716
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:26472
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:9084
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:17828
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:16564
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:916
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:28072
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:22320
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:26552
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6792
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:10508
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:14596
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:25776
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:22496
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:27880
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:9868
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:17424
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:13300
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:27496
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:10168
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:22608
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:13736
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:26300
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:9272
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:13412
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:26616
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1248
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:27464
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:25784
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:23236
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        9⤵
        
        PID:16604
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:23484
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:28056
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:26404
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:22408
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:28036
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:23840
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        8⤵
        
        PID:16628
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:18188
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:14824
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:17504
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:15560
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13396
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:26584
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:26396
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9500
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:17496
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:27604
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13100
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:16504
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:22480
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:13088
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:17264
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:22640
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:14948
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13788
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:14212
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:26236
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:22648
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:15312
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:14612
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:26060
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:12092
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:23144
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:9116
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:17336
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:7516
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:26356
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:22424
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13564
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:26380
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:21656
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:26372
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13556
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:26512
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:19280
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:22504
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13916
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:8772
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:14188
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:26244
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:26172
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17432
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:15308
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:26160
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:10436
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:21740
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:14148
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9516
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:26284
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:19260
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:13436
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:25768
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:13364
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6896
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:6124
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:23204
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:8780
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:14228
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:26388
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1792
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:26292
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        7⤵
        
        PID:27036
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:23848
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:8488
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:14420
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:18172
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:28080
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:14288
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:23832
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:9108
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:14364
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:25752
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:800
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13388
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:26576
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13764
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:26340
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:27544
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:23060
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:26252
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:9000
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:17288
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:7136
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:26592
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:13516
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5504
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:22452
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:15672
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:11232
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:22624
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:14996
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:26428
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:8788
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:14180
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:26276
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:264
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:22336
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:13032
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        6⤵
        
        PID:28008
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:13348
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:25760
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17568
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9348
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:23196
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:8748
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:14172
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:26504
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:10096
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:22468
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:8496
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:14652
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:6416
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:9836
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:17464
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:27512
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:14392
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:27020
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:6560
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:10500
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:14620
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:27552
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:896
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:17304
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:9668
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
        5⤵
        
        PID:23168
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:22292
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:7036
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:10476
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:13340
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:27560
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:11184
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:21516
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:9532
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:9076
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:14412
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  PID:1996
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:13404
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:26568
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:11612
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:22616
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:14984
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:10152
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:22672
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:28088
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  PID:3552
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:17356
  - - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
      4⤵
      PID:1948
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:10484
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:14628
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:27000
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  PID:5876
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:10880
- - C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
    3⤵
    PID:24684
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  PID:9008
- C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4048bce9a003ee83f36c09e1315688c0N.exe"
  2⤵
  PID:18180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\british lingerie girls wifey (Kathrin).mpg.exe

Filesize
965KB

MD5
2dee49eb8672b5a89dd0894d989cda76

SHA1
3986a522a9fad02a54d468f6c8b08be440a9e43f

SHA256
e025ec86d645b54111f4099c50f4b0927e5577983fda1a7075362240dbfc4a21

SHA512
b209df5c08761f0c3b4df28d27df11b0eda012cf989067e999fa28f356c377ca7f3f27e2140923bd7d315bd2f392a0bc4b56f1129344b1f3a70974b49e6db107

Download Submit
C:\debug.txt

Filesize
183B

MD5
63d901128a833bef94e224b0682c93c7

SHA1
5143bfdb8f044140ae63595db090360b9cbda610

SHA256
6321d1a3787f585d257e4252f6af040cfc0c210b030d46e5fc6846800254cf7c

SHA512
3aeefe543692313849090c3f7dbff5156d10447182fb80ce5ccdff253f97144efbac7d72a3bcac3205f08064f87c53892046f8d1c501a88556ab00612e12bc1b

Download Submit
memory/264-134-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/800-148-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/800-164-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/816-154-0x00000000044A0000-0x00000000044BE000-memory.dmp

Filesize
120KB

Download
memory/816-123-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/816-170-0x00000000044A0000-0x00000000044BE000-memory.dmp

Filesize
120KB

Download
memory/816-138-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/896-163-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/916-155-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1248-167-0x00000000045E0000-0x00000000045FE000-memory.dmp

Filesize
120KB

Download
memory/1248-112-0x00000000045D0000-0x00000000045EE000-memory.dmp

Filesize
120KB

Download
memory/1248-185-0x00000000045E0000-0x00000000045FE000-memory.dmp

Filesize
120KB

Download
memory/1248-107-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1256-117-0x00000000045C0000-0x00000000045DE000-memory.dmp

Filesize
120KB

Download
memory/1256-99-0x00000000045C0000-0x00000000045DE000-memory.dmp

Filesize
120KB

Download
memory/1256-111-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1256-94-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1392-147-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1392-132-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1400-145-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1400-131-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1492-144-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1492-166-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/1492-184-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/1516-180-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/1516-161-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/1516-142-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1536-135-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1536-152-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1632-178-0x0000000004900000-0x000000000491E000-memory.dmp

Filesize
120KB

Download
memory/1632-160-0x0000000004900000-0x000000000491E000-memory.dmp

Filesize
120KB

Download
memory/1632-143-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1632-129-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1640-157-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1640-139-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1672-156-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1728-159-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1788-95-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1788-108-0x0000000001F20000-0x0000000001F3E000-memory.dmp

Filesize
120KB

Download
memory/1788-113-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1792-97-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1944-121-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1944-153-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/1944-172-0x00000000047C0000-0x00000000047DE000-memory.dmp

Filesize
120KB

Download
memory/1944-136-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1988-158-0x0000000004CE0000-0x0000000004CFE000-memory.dmp

Filesize
120KB

Download
memory/1988-176-0x0000000004CE0000-0x0000000004CFE000-memory.dmp

Filesize
120KB

Download
memory/1988-100-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1988-118-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2264-165-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2264-149-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2428-128-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2532-150-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2532-169-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2600-106-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2600-140-0x0000000004A90000-0x0000000004AAE000-memory.dmp

Filesize
120KB

Download
memory/2600-122-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2600-125-0x0000000004A90000-0x0000000004AAE000-memory.dmp

Filesize
120KB

Download
memory/2708-115-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2708-168-0x0000000005050000-0x000000000506E000-memory.dmp

Filesize
120KB

Download
memory/2708-130-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2712-120-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2712-137-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/2712-181-0x0000000004F10000-0x0000000004F2E000-memory.dmp

Filesize
120KB

Download
memory/2712-162-0x0000000004F10000-0x0000000004F2E000-memory.dmp

Filesize
120KB

Download
memory/2736-182-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2796-175-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2808-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2816-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2840-96-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2840-114-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2852-141-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/2852-126-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/2852-109-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2852-124-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2852-171-0x0000000004F10000-0x0000000004F2E000-memory.dmp

Filesize
120KB

Download
memory/2904-177-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2912-179-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2964-91-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/2964-104-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2964-62-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2968-173-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2972-502-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2972-61-0x00000000046C0000-0x00000000046DE000-memory.dmp

Filesize
120KB

Download
memory/2972-119-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2972-336-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2972-103-0x00000000046C0000-0x00000000046DE000-memory.dmp

Filesize
120KB

Download
memory/2972-101-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2972-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2972-146-0x00000000047E0000-0x00000000047FE000-memory.dmp

Filesize
120KB

Download
memory/3012-133-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3012-116-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3064-174-0x0000000004CF0000-0x0000000004D0E000-memory.dmp

Filesize
120KB

Download
memory/3064-110-0x0000000004CE0000-0x0000000004CFE000-memory.dmp

Filesize
120KB

Download
memory/3064-102-0x0000000004CE0000-0x0000000004CFE000-memory.dmp

Filesize
120KB

Download
memory/3064-105-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3064-92-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3064-93-0x0000000004CE0000-0x0000000004CFE000-memory.dmp

Filesize
120KB

Download
memory/3064-127-0x0000000004CE0000-0x0000000004CFE000-memory.dmp

Filesize
120KB

Download