20830725a8f2eefedfcf876dd97e9cb9194a2d267d0393ae1238c66a847d214d

Analysis

max time kernel
26s
max time network
116s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 03:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49ff72ea3ea290189817d7ae5fa34110N.exe
Size

1.7MB
MD5

49ff72ea3ea290189817d7ae5fa34110
SHA1

32be17d3be3ee783af5ee5b86664fff4d8ca963f
SHA256

20830725a8f2eefedfcf876dd97e9cb9194a2d267d0393ae1238c66a847d214d
SHA512

ef946777934a25dd2c5dd0dbe5ffcdf02a2f93ad396d997e793142e9e3870aa5492fa7b580284ee2349a43e11d9ec2ea5b3b5172304cc57ac6d6ccb6d72787af
SSDEEP

49152:AIQW4dRl8cW4qWJ5i63r+tUwvaCFYTkB4Hqckyh:JQjR2jKiOr+xYZbT

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2120-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/files/0x0007000000016d71-5.dat	upx
behavioral1/memory/2620-61-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2684-87-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2276-88-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1028-89-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2876-92-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2308-91-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2984-94-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1440-97-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2832-100-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/676-99-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1152-105-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/296-103-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2120-101-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2684-106-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/320-110-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/780-109-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1376-108-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2276-107-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1028-112-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2120-111-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2308-113-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2876-116-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1772-118-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1048-117-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1104-114-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1440-124-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2984-119-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/296-128-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1152-129-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1292-127-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2832-126-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1756-122-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/320-130-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1964-120-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1772-134-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1048-133-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1964-135-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1756-136-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/612-139-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1292-138-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/780-143-0x0000000004BA0000-0x0000000004BBC000-memory.dmp	upx
behavioral1/memory/2040-142-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2084-141-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2300-145-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2320-147-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/712-149-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2792-155-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2692-156-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1988-153-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1956-165-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2820-161-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2756-163-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3028-162-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2564-166-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1192-169-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2548-173-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2320-171-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1856-176-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2792-177-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2756-183-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/3028-182-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2820-181-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	49ff72ea3ea290189817d7ae5fa34110N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\G:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\H:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\J:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\R:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\S:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\Y:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\A:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\E:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\K:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\Q:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\W:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\X:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\Z:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\B:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\I:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\O:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\T:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\V:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\L:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\M:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\N:	49ff72ea3ea290189817d7ae5fa34110N.exe
File opened (read-only)	\??\P:	49ff72ea3ea290189817d7ae5fa34110N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\kicking kicking voyeur redhair .mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\System32\DriverStore\Temp\german lesbian girls (Sylvia).avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\SysWOW64\FxsTmp\german beast fucking [milf] gorgeoushorny (Sylvia).rar.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\animal lesbian blondie .avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\SysWOW64\FxsTmp\xxx animal girls .mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\SysWOW64\IME\shared\beastiality horse catfight .mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\american trambling trambling full movie ash (Liz).zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\SysWOW64\IME\shared\handjob beastiality lesbian legs black hairunshaved .avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\french gay kicking voyeur wifey .avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\animal cum hot (!) circumcision .avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\japanese action action lesbian .mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Program Files (x86)\Google\Temp\brasilian gay lingerie hot (!) high heels .mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\swedish gang bang catfight titts .mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\tyrkish gang bang [free] .mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Program Files (x86)\Google\Update\Download\spanish beast fucking [bangbus] penetration (Christine,Sylvia).zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Program Files\DVD Maker\Shared\norwegian bukkake hidden glans .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\african kicking voyeur .mpg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\tyrkish animal voyeur ejaculation .rar.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\horse licking upskirt .mpg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\horse cum several models granny .avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Program Files\Windows Journal\Templates\italian beastiality sleeping (Tatjana,Sonja).avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\hardcore animal hidden ash .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\blowjob masturbation (Sonja,Anniston).avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\gay [free] cock stockings (Janette,Sandy).zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\british cumshot hidden .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\handjob xxx masturbation wifey .mpg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\nude catfight .avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\fucking sleeping cock beautyfull .avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\cum catfight penetration .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\chinese horse masturbation ash .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\gay hot (!) (Sarah).mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\norwegian xxx licking (Tatjana).avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\gay xxx [bangbus] (Gina,Sandy).zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\canadian hardcore fucking lesbian feet shower (Janette).zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\spanish fetish trambling full movie glans fishy .mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\spanish beast cumshot big mistress .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\horse cumshot [bangbus] (Tatjana).mpg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\indian horse gang bang uncut girly .mpg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\brasilian beastiality gay licking boobs (Sandy,Sonja).mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\russian sperm masturbation .mpg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\asian horse handjob licking .mpg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\malaysia sperm horse hot (!) (Ashley,Liz).mpg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\asian gang bang handjob several models cock .mpg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\assembly\temp\chinese horse lingerie hot (!) vagina upskirt .mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\PLA\Templates\porn gang bang voyeur ash .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\horse big bedroom .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\Temp\british cumshot cumshot public (Gina).rar.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\cumshot several models ejaculation .mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\blowjob xxx sleeping .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\fucking beastiality uncut hairy (Curtney).rar.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\italian cum voyeur stockings .rar.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\japanese bukkake beastiality sleeping .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\russian trambling beastiality licking (Gina).avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\chinese lesbian full movie .mpg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\tyrkish gang bang gay [bangbus] .avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\british blowjob catfight titts fishy .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\nude cumshot [free] hole leather .avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\spanish nude lingerie uncut nipples high heels .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\fucking sperm uncut bedroom .rar.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\assembly\tmp\malaysia porn [milf] .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\sperm trambling uncut feet gorgeoushorny .mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\action voyeur feet .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\british horse [bangbus] girly .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\american nude action big .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\indian gang bang uncut stockings .rar.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\gay action [free] YEâPSè& .mpg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\beast hidden fishy .mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\cum sperm masturbation mistress .rar.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\hardcore full movie glans .avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\trambling trambling lesbian shower .rar.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\tyrkish hardcore cum [milf] leather .avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\malaysia horse public ash .rar.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\spanish kicking full movie Ôë .avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\animal hidden boobs fishy .mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\lesbian animal sleeping (Liz).zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\danish horse lesbian licking (Jade).mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\gay fetish [bangbus] ash 40+ .mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\malaysia lesbian several models feet 50+ (Ashley,Curtney).zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\animal lesbian titts (Janette,Melissa).mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\norwegian animal masturbation sm .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\japanese sperm action [milf] .mpg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\porn bukkake [bangbus] ash .rar.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\mssrv.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\russian fetish cumshot hidden YEâPSè& (Ashley).mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\norwegian fucking beast licking shoes .mpeg.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\malaysia fetish masturbation legs (Tatjana,Melissa).avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\nude voyeur fishy .zip.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\asian gang bang animal girls .rar.exe	49ff72ea3ea290189817d7ae5fa34110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\horse [free] vagina lady (Liz).avi.exe	49ff72ea3ea290189817d7ae5fa34110N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2120	49ff72ea3ea290189817d7ae5fa34110N.exe
2620	49ff72ea3ea290189817d7ae5fa34110N.exe
2120	49ff72ea3ea290189817d7ae5fa34110N.exe
2684	49ff72ea3ea290189817d7ae5fa34110N.exe
2620	49ff72ea3ea290189817d7ae5fa34110N.exe
2276	49ff72ea3ea290189817d7ae5fa34110N.exe
2120	49ff72ea3ea290189817d7ae5fa34110N.exe
1028	49ff72ea3ea290189817d7ae5fa34110N.exe
2308	49ff72ea3ea290189817d7ae5fa34110N.exe
2684	49ff72ea3ea290189817d7ae5fa34110N.exe
2876	49ff72ea3ea290189817d7ae5fa34110N.exe
2620	49ff72ea3ea290189817d7ae5fa34110N.exe
2984	49ff72ea3ea290189817d7ae5fa34110N.exe
2276	49ff72ea3ea290189817d7ae5fa34110N.exe
2120	49ff72ea3ea290189817d7ae5fa34110N.exe
1440	49ff72ea3ea290189817d7ae5fa34110N.exe
2832	49ff72ea3ea290189817d7ae5fa34110N.exe
676	49ff72ea3ea290189817d7ae5fa34110N.exe
2308	49ff72ea3ea290189817d7ae5fa34110N.exe
296	49ff72ea3ea290189817d7ae5fa34110N.exe
2684	49ff72ea3ea290189817d7ae5fa34110N.exe
1152	49ff72ea3ea290189817d7ae5fa34110N.exe
2620	49ff72ea3ea290189817d7ae5fa34110N.exe
1028	49ff72ea3ea290189817d7ae5fa34110N.exe
2876	49ff72ea3ea290189817d7ae5fa34110N.exe
1376	49ff72ea3ea290189817d7ae5fa34110N.exe
320	49ff72ea3ea290189817d7ae5fa34110N.exe
780	49ff72ea3ea290189817d7ae5fa34110N.exe
2984	49ff72ea3ea290189817d7ae5fa34110N.exe
2276	49ff72ea3ea290189817d7ae5fa34110N.exe
2120	49ff72ea3ea290189817d7ae5fa34110N.exe
1104	49ff72ea3ea290189817d7ae5fa34110N.exe
1048	49ff72ea3ea290189817d7ae5fa34110N.exe
1772	49ff72ea3ea290189817d7ae5fa34110N.exe
2832	49ff72ea3ea290189817d7ae5fa34110N.exe
1440	49ff72ea3ea290189817d7ae5fa34110N.exe
1756	49ff72ea3ea290189817d7ae5fa34110N.exe
1964	49ff72ea3ea290189817d7ae5fa34110N.exe
676	49ff72ea3ea290189817d7ae5fa34110N.exe
1292	49ff72ea3ea290189817d7ae5fa34110N.exe
2308	49ff72ea3ea290189817d7ae5fa34110N.exe
2620	49ff72ea3ea290189817d7ae5fa34110N.exe
612	49ff72ea3ea290189817d7ae5fa34110N.exe
2684	49ff72ea3ea290189817d7ae5fa34110N.exe
2040	49ff72ea3ea290189817d7ae5fa34110N.exe
2040	49ff72ea3ea290189817d7ae5fa34110N.exe
296	49ff72ea3ea290189817d7ae5fa34110N.exe
296	49ff72ea3ea290189817d7ae5fa34110N.exe
2084	49ff72ea3ea290189817d7ae5fa34110N.exe
2084	49ff72ea3ea290189817d7ae5fa34110N.exe
712	49ff72ea3ea290189817d7ae5fa34110N.exe
712	49ff72ea3ea290189817d7ae5fa34110N.exe
2300	49ff72ea3ea290189817d7ae5fa34110N.exe
2300	49ff72ea3ea290189817d7ae5fa34110N.exe
1988	49ff72ea3ea290189817d7ae5fa34110N.exe
1988	49ff72ea3ea290189817d7ae5fa34110N.exe
2876	49ff72ea3ea290189817d7ae5fa34110N.exe
2876	49ff72ea3ea290189817d7ae5fa34110N.exe
1152	49ff72ea3ea290189817d7ae5fa34110N.exe
1152	49ff72ea3ea290189817d7ae5fa34110N.exe
2692	49ff72ea3ea290189817d7ae5fa34110N.exe
2692	49ff72ea3ea290189817d7ae5fa34110N.exe
1028	49ff72ea3ea290189817d7ae5fa34110N.exe
1028	49ff72ea3ea290189817d7ae5fa34110N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2620	2120	49ff72ea3ea290189817d7ae5fa34110N.exe	30
PID 2120 wrote to memory of 2620	2120	49ff72ea3ea290189817d7ae5fa34110N.exe	30
PID 2120 wrote to memory of 2620	2120	49ff72ea3ea290189817d7ae5fa34110N.exe	30
PID 2120 wrote to memory of 2620	2120	49ff72ea3ea290189817d7ae5fa34110N.exe	30
PID 2620 wrote to memory of 2684	2620	49ff72ea3ea290189817d7ae5fa34110N.exe	31
PID 2620 wrote to memory of 2684	2620	49ff72ea3ea290189817d7ae5fa34110N.exe	31
PID 2620 wrote to memory of 2684	2620	49ff72ea3ea290189817d7ae5fa34110N.exe	31
PID 2620 wrote to memory of 2684	2620	49ff72ea3ea290189817d7ae5fa34110N.exe	31
PID 2120 wrote to memory of 2276	2120	49ff72ea3ea290189817d7ae5fa34110N.exe	32
PID 2120 wrote to memory of 2276	2120	49ff72ea3ea290189817d7ae5fa34110N.exe	32
PID 2120 wrote to memory of 2276	2120	49ff72ea3ea290189817d7ae5fa34110N.exe	32
PID 2120 wrote to memory of 2276	2120	49ff72ea3ea290189817d7ae5fa34110N.exe	32
PID 2684 wrote to memory of 1028	2684	49ff72ea3ea290189817d7ae5fa34110N.exe	33
PID 2684 wrote to memory of 1028	2684	49ff72ea3ea290189817d7ae5fa34110N.exe	33
PID 2684 wrote to memory of 1028	2684	49ff72ea3ea290189817d7ae5fa34110N.exe	33
PID 2684 wrote to memory of 1028	2684	49ff72ea3ea290189817d7ae5fa34110N.exe	33
PID 2620 wrote to memory of 2308	2620	49ff72ea3ea290189817d7ae5fa34110N.exe	34
PID 2620 wrote to memory of 2308	2620	49ff72ea3ea290189817d7ae5fa34110N.exe	34
PID 2620 wrote to memory of 2308	2620	49ff72ea3ea290189817d7ae5fa34110N.exe	34
PID 2620 wrote to memory of 2308	2620	49ff72ea3ea290189817d7ae5fa34110N.exe	34
PID 2276 wrote to memory of 2876	2276	49ff72ea3ea290189817d7ae5fa34110N.exe	35
PID 2276 wrote to memory of 2876	2276	49ff72ea3ea290189817d7ae5fa34110N.exe	35
PID 2276 wrote to memory of 2876	2276	49ff72ea3ea290189817d7ae5fa34110N.exe	35
PID 2276 wrote to memory of 2876	2276	49ff72ea3ea290189817d7ae5fa34110N.exe	35
PID 2120 wrote to memory of 2984	2120	49ff72ea3ea290189817d7ae5fa34110N.exe	36
PID 2120 wrote to memory of 2984	2120	49ff72ea3ea290189817d7ae5fa34110N.exe	36
PID 2120 wrote to memory of 2984	2120	49ff72ea3ea290189817d7ae5fa34110N.exe	36
PID 2120 wrote to memory of 2984	2120	49ff72ea3ea290189817d7ae5fa34110N.exe	36
PID 1028 wrote to memory of 1440	1028	49ff72ea3ea290189817d7ae5fa34110N.exe	37
PID 1028 wrote to memory of 1440	1028	49ff72ea3ea290189817d7ae5fa34110N.exe	37
PID 1028 wrote to memory of 1440	1028	49ff72ea3ea290189817d7ae5fa34110N.exe	37
PID 1028 wrote to memory of 1440	1028	49ff72ea3ea290189817d7ae5fa34110N.exe	37
PID 2308 wrote to memory of 676	2308	49ff72ea3ea290189817d7ae5fa34110N.exe	38
PID 2308 wrote to memory of 676	2308	49ff72ea3ea290189817d7ae5fa34110N.exe	38
PID 2308 wrote to memory of 676	2308	49ff72ea3ea290189817d7ae5fa34110N.exe	38
PID 2308 wrote to memory of 676	2308	49ff72ea3ea290189817d7ae5fa34110N.exe	38
PID 2684 wrote to memory of 2832	2684	49ff72ea3ea290189817d7ae5fa34110N.exe	39
PID 2684 wrote to memory of 2832	2684	49ff72ea3ea290189817d7ae5fa34110N.exe	39
PID 2684 wrote to memory of 2832	2684	49ff72ea3ea290189817d7ae5fa34110N.exe	39
PID 2684 wrote to memory of 2832	2684	49ff72ea3ea290189817d7ae5fa34110N.exe	39
PID 2620 wrote to memory of 296	2620	49ff72ea3ea290189817d7ae5fa34110N.exe	40
PID 2620 wrote to memory of 296	2620	49ff72ea3ea290189817d7ae5fa34110N.exe	40
PID 2620 wrote to memory of 296	2620	49ff72ea3ea290189817d7ae5fa34110N.exe	40
PID 2620 wrote to memory of 296	2620	49ff72ea3ea290189817d7ae5fa34110N.exe	40
PID 2876 wrote to memory of 1152	2876	49ff72ea3ea290189817d7ae5fa34110N.exe	41
PID 2876 wrote to memory of 1152	2876	49ff72ea3ea290189817d7ae5fa34110N.exe	41
PID 2876 wrote to memory of 1152	2876	49ff72ea3ea290189817d7ae5fa34110N.exe	41
PID 2876 wrote to memory of 1152	2876	49ff72ea3ea290189817d7ae5fa34110N.exe	41
PID 2984 wrote to memory of 1376	2984	49ff72ea3ea290189817d7ae5fa34110N.exe	42
PID 2984 wrote to memory of 1376	2984	49ff72ea3ea290189817d7ae5fa34110N.exe	42
PID 2984 wrote to memory of 1376	2984	49ff72ea3ea290189817d7ae5fa34110N.exe	42
PID 2984 wrote to memory of 1376	2984	49ff72ea3ea290189817d7ae5fa34110N.exe	42
PID 2120 wrote to memory of 780	2120	49ff72ea3ea290189817d7ae5fa34110N.exe	43
PID 2120 wrote to memory of 780	2120	49ff72ea3ea290189817d7ae5fa34110N.exe	43
PID 2120 wrote to memory of 780	2120	49ff72ea3ea290189817d7ae5fa34110N.exe	43
PID 2120 wrote to memory of 780	2120	49ff72ea3ea290189817d7ae5fa34110N.exe	43
PID 2276 wrote to memory of 320	2276	49ff72ea3ea290189817d7ae5fa34110N.exe	44
PID 2276 wrote to memory of 320	2276	49ff72ea3ea290189817d7ae5fa34110N.exe	44
PID 2276 wrote to memory of 320	2276	49ff72ea3ea290189817d7ae5fa34110N.exe	44
PID 2276 wrote to memory of 320	2276	49ff72ea3ea290189817d7ae5fa34110N.exe	44
PID 1440 wrote to memory of 1104	1440	49ff72ea3ea290189817d7ae5fa34110N.exe	45
PID 1440 wrote to memory of 1104	1440	49ff72ea3ea290189817d7ae5fa34110N.exe	45
PID 1440 wrote to memory of 1104	1440	49ff72ea3ea290189817d7ae5fa34110N.exe	45
PID 1440 wrote to memory of 1104	1440	49ff72ea3ea290189817d7ae5fa34110N.exe	45

C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
"C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
  "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2620
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        9⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        10⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        10⤵
        
        PID:18884
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        9⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        9⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        9⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        9⤵
        
        PID:18372
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:20636
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        9⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        10⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        9⤵
        
        PID:18868
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:15864
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:17144
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:19572
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        9⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:18332
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:18984
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:16972
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:16948
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        9⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:20540
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:19068
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:16512
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:22456
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:18976
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:15604
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:10480
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:19048
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:18716
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        9⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        9⤵
        
        PID:20572
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:17128
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:22480
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:20092
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:17048
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:18860
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:16648
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:16672
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:19000
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:20660
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:20532
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:18992
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:11516
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:20508
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:16956
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:16528
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:16536
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:21096
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:19024
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:18428
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:14400
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:14472
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:18936
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:18340
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:14480
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:18668
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:19032
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:9676
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:19016
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:23548
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:14464
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:676
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        9⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        9⤵
        
        PID:18896
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        9⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:16544
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:20548
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:18904
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:16916
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:20580
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:18476
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:18500
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:16632
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:22464
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:18772
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:14456
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:18852
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:19060
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:21500
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:18876
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:22472
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:15704
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:18920
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:16940
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:16924
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:22440
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:16852
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:18944
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:17748
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:12352
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:22488
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:296
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:16464
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:20100
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:20556
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:16520
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:14180
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:18968
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:11340
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:20588
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:16932
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:17760
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:11240
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:20044
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:20676
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:16620
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:14188
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:10756
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:19512
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:15792
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:612
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:18380
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:20524
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:20516
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:14212
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:18780
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:18492
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:14440
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:17772
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:18404
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:20624
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:9144
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:16576
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:20668
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:9496
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:18436
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:9840
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:15436
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:7968
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:15800
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:14408
- C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
  "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2276
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:15756
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:16640
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:20068
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:22448
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:16816
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:22880
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:18912
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:12516
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:16012
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:20084
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:20340
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:16480
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:20076
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:16656
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:19040
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:17604
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:22496
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:18452
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:16612
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:11556
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:20700
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:12568
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:19008
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:16876
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:18348
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:11588
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:20052
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:6132
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:16588
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:16964
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:20564
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:18928
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:16504
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:11304
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:20140
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:15328
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:16060
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:20116
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:16488
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:20148
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:17792
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:14448
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:14516
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:18960
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:15728
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:15824
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:10884
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:18468
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:22504
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:14196
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:10120
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:18788
- C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
  "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2984
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1376
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        8⤵
        
        PID:23004
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:17136
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:20492
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:20364
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        7⤵
        
        PID:15808
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:16456
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:20652
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:17040
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:956
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:20644
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:15640
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:16496
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:10844
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:20060
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:712
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:17668
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:10940
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:18444
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:17784
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:14432
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:14508
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:10168
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:18724
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:20684
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:15744
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:18952
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:17820
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:11524
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:20500
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:14384
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:10112
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:16804
- C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
  "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:780
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:1192
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:18484
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:11532
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:20132
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:15308
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:11256
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:20124
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        6⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:16860
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:7396
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:11460
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:20596
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:8540
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:15412
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:16844
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:10924
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:18412
- C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
  "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2692
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:16688
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:7196
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:11204
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:20108
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:15596
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:15924
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:10892
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:18640
- C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
  "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
  2⤵
  PID:3140
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:9412
    - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
        5⤵
        
        PID:23540
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:16664
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:7424
  - - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
      "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
      4⤵
      PID:2228
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:11424
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:19552
- C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
  "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
  2⤵
  PID:4556
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:7788
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:15780
- C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
  "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
  2⤵
  PID:7076
- - C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
    3⤵
    PID:17068
- C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
  "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
  2⤵
  PID:10908
- C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe
  "C:\Users\Admin\AppData\Local\Temp\49ff72ea3ea290189817d7ae5fa34110N.exe"
  2⤵
  PID:18460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\african kicking voyeur .mpg.exe

Filesize
1.5MB

MD5
51ae50c8dba39cf4b634beec056d1fe7

SHA1
c312dc7c9caab5228004da65ba67b58ad14e63bb

SHA256
8c0da2e77d824caf1a0a6d5e6a1b71af0873a7e0dae1a8dab1ccf715543ec3dc

SHA512
9431e43178b78b5928385d435f0621542e21de8a33cfa1d03f62257b721405c4367bf7072761ce652202a83114bfe353a611a7ecbde3f0335372efadc5c0e43e

Download Submit
C:\debug.txt

Filesize
183B

MD5
e9910137e5cddc707de030fd8e25e735

SHA1
637b87c33943f235171c9b2fe9700fd9a2662835

SHA256
6211eb3f18b7fc7152a498daf4ed9902d775cb0f21ef08e0b6e1b69428e97026

SHA512
08f4f1546485fe429384b3d2dd314b605320030858aec8d71a16ee13eb022e1d44d78cd27080c4a3c41af15b63573e0f12d100b645aa3b97146b1044bd1dfcc7

Download Submit
memory/296-103-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/296-121-0x0000000004A90000-0x0000000004AAC000-memory.dmp

Filesize
112KB

Download
memory/296-128-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/296-164-0x0000000004F20000-0x0000000004F3C000-memory.dmp

Filesize
112KB

Download
memory/320-130-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/320-110-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/612-139-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/676-99-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/676-131-0x0000000001EC0000-0x0000000001EDC000-memory.dmp

Filesize
112KB

Download
memory/676-179-0x00000000044F0000-0x000000000450C000-memory.dmp

Filesize
112KB

Download
memory/676-159-0x00000000044F0000-0x000000000450C000-memory.dmp

Filesize
112KB

Download
memory/712-149-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/780-143-0x0000000004BA0000-0x0000000004BBC000-memory.dmp

Filesize
112KB

Download
memory/780-109-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1028-96-0x0000000004AD0000-0x0000000004AEC000-memory.dmp

Filesize
112KB

Download
memory/1028-89-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1028-123-0x0000000004AD0000-0x0000000004AEC000-memory.dmp

Filesize
112KB

Download
memory/1028-112-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1048-117-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1048-133-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1048-148-0x0000000004A90000-0x0000000004AAC000-memory.dmp

Filesize
112KB

Download
memory/1048-172-0x0000000004A90000-0x0000000004AAC000-memory.dmp

Filesize
112KB

Download
memory/1104-170-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/1104-146-0x0000000004580000-0x000000000459C000-memory.dmp

Filesize
112KB

Download
memory/1104-114-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1152-129-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1152-105-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1192-169-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1292-138-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1292-127-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1376-158-0x0000000004A90000-0x0000000004AAC000-memory.dmp

Filesize
112KB

Download
memory/1376-140-0x0000000004A90000-0x0000000004AAC000-memory.dmp

Filesize
112KB

Download
memory/1376-108-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1440-124-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1440-160-0x0000000004CE0000-0x0000000004CFC000-memory.dmp

Filesize
112KB

Download
memory/1440-97-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1440-180-0x0000000004CE0000-0x0000000004CFC000-memory.dmp

Filesize
112KB

Download
memory/1756-136-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1756-178-0x00000000006B0000-0x00000000006CC000-memory.dmp

Filesize
112KB

Download
memory/1756-157-0x00000000006B0000-0x00000000006CC000-memory.dmp

Filesize
112KB

Download
memory/1756-122-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1772-134-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1772-118-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1772-152-0x0000000000830000-0x000000000084C000-memory.dmp

Filesize
112KB

Download
memory/1772-175-0x0000000000830000-0x000000000084C000-memory.dmp

Filesize
112KB

Download
memory/1856-176-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1956-165-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1964-120-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1964-135-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1988-153-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2040-142-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2084-141-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2120-60-0x0000000004800000-0x000000000481C000-memory.dmp

Filesize
112KB

Download
memory/2120-93-0x0000000004DE0000-0x0000000004DFC000-memory.dmp

Filesize
112KB

Download
memory/2120-111-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2120-137-0x0000000004DE0000-0x0000000004DFC000-memory.dmp

Filesize
112KB

Download
memory/2120-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2120-104-0x0000000004800000-0x000000000481C000-memory.dmp

Filesize
112KB

Download
memory/2120-321-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2120-101-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2120-466-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2120-154-0x0000000004DE0000-0x0000000004DFC000-memory.dmp

Filesize
112KB

Download
memory/2276-150-0x0000000004590000-0x00000000045AC000-memory.dmp

Filesize
112KB

Download
memory/2276-107-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2276-88-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2300-145-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2308-91-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2308-113-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2320-147-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2320-171-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2548-173-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2564-166-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2620-86-0x0000000004AA0000-0x0000000004ABC000-memory.dmp

Filesize
112KB

Download
memory/2620-90-0x0000000004AA0000-0x0000000004ABC000-memory.dmp

Filesize
112KB

Download
memory/2620-61-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2620-102-0x0000000004AA0000-0x0000000004ABC000-memory.dmp

Filesize
112KB

Download
memory/2684-125-0x0000000004920000-0x000000000493C000-memory.dmp

Filesize
112KB

Download
memory/2684-87-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2684-98-0x0000000004920000-0x000000000493C000-memory.dmp

Filesize
112KB

Download
memory/2684-106-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2692-156-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2756-183-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2756-163-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2792-177-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2792-155-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2820-181-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2820-161-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2832-151-0x0000000005050000-0x000000000506C000-memory.dmp

Filesize
112KB

Download
memory/2832-115-0x0000000004DD0000-0x0000000004DEC000-memory.dmp

Filesize
112KB

Download
memory/2832-174-0x0000000005050000-0x000000000506C000-memory.dmp

Filesize
112KB

Download
memory/2832-100-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2832-132-0x0000000004DD0000-0x0000000004DEC000-memory.dmp

Filesize
112KB

Download
memory/2832-126-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2876-116-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2876-92-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2984-94-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2984-119-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3028-182-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3028-162-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download