45e2d4d1d22ff11c917270961fbfe21135cdfff4d07ef053acf4e86c3e3150b9

Analysis

max time kernel
29s
max time network
76s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 02:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44e8805322637bbd277fe21be5fbc3c0N.exe
Size

270KB
MD5

44e8805322637bbd277fe21be5fbc3c0
SHA1

bbe16ca2fa5630545eab947808bd38085064fefe
SHA256

45e2d4d1d22ff11c917270961fbfe21135cdfff4d07ef053acf4e86c3e3150b9
SHA512

65379847648849c60fa6862f6efb63b67a1a2d27dd13cf5e70b5452bd40d54052948be83d343f04d173e9e7066f4a46e8307d30b6bc565056634832fa2b64453
SSDEEP

6144:VjluQoSv4DSIo5R4nM/40y2EDqoDVpfgN2JKs0EWOIsnwFlHF:VEQoSfq+EXvfg4isIsnGll

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2200-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/files/0x0007000000016cec-5.dat	upx
behavioral1/memory/2200-72-0x0000000005290000-0x00000000052AE000-memory.dmp	upx
behavioral1/memory/2852-75-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3024-89-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3044-90-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1644-92-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1104-94-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/768-95-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2200-96-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1944-99-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2852-98-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1292-106-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1904-107-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1004-109-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1104-108-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1444-110-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1944-111-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1712-103-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3044-102-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1084-113-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2200-112-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2140-115-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1712-114-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/948-118-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/532-120-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1904-119-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1292-117-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1004-122-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1660-123-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2100-124-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1084-125-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2140-126-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2952-129-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/948-128-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1968-130-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/684-132-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/352-133-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1060-134-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2012-135-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1580-139-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2208-138-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1808-143-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2308-140-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2960-145-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3052-149-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2164-148-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2012-150-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2612-154-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2588-156-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/1580-155-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2736-161-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2832-160-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2672-163-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2924-159-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2776-165-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/348-167-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2744-169-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/3052-168-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2404-172-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/944-170-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2584-173-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2612-176-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral1/memory/2588-177-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	44e8805322637bbd277fe21be5fbc3c0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\P:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\Q:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\A:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\G:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\I:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\J:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\X:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\B:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\M:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\N:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\V:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\U:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\Y:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\Z:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\E:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\L:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\O:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\T:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\H:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\R:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\S:	44e8805322637bbd277fe21be5fbc3c0N.exe
File opened (read-only)	\??\W:	44e8805322637bbd277fe21be5fbc3c0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\french sperm sleeping YEâPSè& .rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\System32\DriverStore\Temp\russian handjob lesbian black hairunshaved .mpeg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\SysWOW64\IME\shared\brasilian animal uncut sweet .mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\asian sperm lingerie [free] 50+ .avi.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\spanish kicking xxx public ejaculation (Ashley,Liz).zip.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian bukkake [free] vagina swallow .mpeg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian lesbian [milf] titts mistress .avi.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish fetish xxx voyeur fishy .zip.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\lesbian hardcore lesbian nipples .zip.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\SysWOW64\IME\shared\handjob [free] YEâPSè& .avi.exe	44e8805322637bbd277fe21be5fbc3c0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\swedish gay girls 40+ .avi.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\action lesbian [bangbus] ash castration .avi.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\cum xxx voyeur legs (Tatjana).mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\kicking horse sleeping (Melissa).avi.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\handjob kicking masturbation mistress .avi.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\horse voyeur upskirt .rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\british gang bang [bangbus] .zip.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\russian lingerie hidden vagina .mpeg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\japanese lesbian hot (!) (Samantha).zip.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Program Files\Windows Journal\Templates\african handjob blowjob public boobs fishy (Kathrin).mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\kicking handjob hidden .mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Program Files (x86)\Google\Temp\xxx sleeping (Anniston).zip.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\african action trambling uncut pregnant (Karin).rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\black action uncut gorgeoushorny (Jade,Jade).avi.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\horse nude full movie .zip.exe	44e8805322637bbd277fe21be5fbc3c0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\spanish cum fucking girls .rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\beast hardcore public .avi.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\german horse porn hidden ìï (Jenna).zip.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\animal action [bangbus] .mpeg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\canadian horse action masturbation cock .avi.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\russian bukkake full movie .rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\spanish nude public cock redhair .mpeg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\indian gang bang lingerie voyeur ash girly .rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\Temp\japanese gay gang bang sleeping traffic (Gina).mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\danish animal beastiality [milf] (Jade,Gina).zip.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\gay licking mature .zip.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\horse animal masturbation wifey .zip.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\french fetish animal [free] glans latex .zip.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\indian gang bang gay [milf] beautyfull (Samantha,Samantha).mpeg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\indian cum xxx hot (!) .rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\gay full movie bedroom .avi.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\african bukkake handjob girls ash girly .mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\cum sperm voyeur high heels .avi.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\swedish cum sleeping .rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\russian lesbian sleeping sweet .rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\kicking [milf] hotel .rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\swedish fetish big nipples castration .avi.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\chinese trambling xxx licking ash (Sylvia,Sandy).rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\lesbian [milf] hole (Karin).zip.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\norwegian handjob gay masturbation hole ìï (Samantha,Ashley).mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie action masturbation upskirt .mpeg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\german bukkake beast voyeur .mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\gang bang beast hidden redhair .zip.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\porn public (Jenna,Tatjana).zip.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\handjob hidden ash bedroom .mpeg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\trambling voyeur nipples high heels .mpeg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\spanish sperm lesbian [milf] shoes .mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\asian cumshot horse hot (!) (Karin,Sandy).mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\blowjob kicking big glans ìï .mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\fetish public girly .rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\canadian action sleeping high heels .mpeg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\british lesbian blowjob hidden ìï .mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\canadian animal beastiality public .mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\fucking lingerie masturbation cock mature .mpeg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\action gang bang sleeping ejaculation (Sandy,Tatjana).mpeg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\indian gang bang masturbation leather .mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\handjob horse [free] (Jenna).mpeg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\nude licking legs circumcision .avi.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\horse public femdom .rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\sperm horse full movie cock hairy (Tatjana).avi.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\chinese fetish several models high heels (Liz).mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\french beastiality sleeping titts .rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\horse hot (!) .rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\mssrv.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\assembly\temp\swedish blowjob masturbation .mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\PLA\Templates\sperm hardcore catfight sm (Christine,Sandy).rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\brasilian porn kicking [milf] legs .rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\malaysia hardcore cum [free] (Karin,Curtney).mpeg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\japanese blowjob [free] YEâPSè& .mpeg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american gang bang cumshot [bangbus] .mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\gay [bangbus] circumcision .mpeg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\cum fetish big (Sonja).mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\InstallTemp\african nude lesbian [bangbus] vagina upskirt .mpeg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\gay fucking hidden femdom .avi.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\italian fetish bukkake hidden glans (Britney,Sarah).zip.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\italian cumshot catfight .avi.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\asian lesbian horse hidden (Sarah).rar.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\xxx horse full movie .zip.exe	44e8805322637bbd277fe21be5fbc3c0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\xxx handjob [bangbus] .mpg.exe	44e8805322637bbd277fe21be5fbc3c0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2200	44e8805322637bbd277fe21be5fbc3c0N.exe
2852	44e8805322637bbd277fe21be5fbc3c0N.exe
2200	44e8805322637bbd277fe21be5fbc3c0N.exe
3024	44e8805322637bbd277fe21be5fbc3c0N.exe
2852	44e8805322637bbd277fe21be5fbc3c0N.exe
3044	44e8805322637bbd277fe21be5fbc3c0N.exe
2200	44e8805322637bbd277fe21be5fbc3c0N.exe
1644	44e8805322637bbd277fe21be5fbc3c0N.exe
1104	44e8805322637bbd277fe21be5fbc3c0N.exe
768	44e8805322637bbd277fe21be5fbc3c0N.exe
3024	44e8805322637bbd277fe21be5fbc3c0N.exe
2852	44e8805322637bbd277fe21be5fbc3c0N.exe
3044	44e8805322637bbd277fe21be5fbc3c0N.exe
1444	44e8805322637bbd277fe21be5fbc3c0N.exe
2200	44e8805322637bbd277fe21be5fbc3c0N.exe
1944	44e8805322637bbd277fe21be5fbc3c0N.exe
1712	44e8805322637bbd277fe21be5fbc3c0N.exe
1104	44e8805322637bbd277fe21be5fbc3c0N.exe
532	44e8805322637bbd277fe21be5fbc3c0N.exe
2852	44e8805322637bbd277fe21be5fbc3c0N.exe
1004	44e8805322637bbd277fe21be5fbc3c0N.exe
1292	44e8805322637bbd277fe21be5fbc3c0N.exe
1904	44e8805322637bbd277fe21be5fbc3c0N.exe
1644	44e8805322637bbd277fe21be5fbc3c0N.exe
3024	44e8805322637bbd277fe21be5fbc3c0N.exe
768	44e8805322637bbd277fe21be5fbc3c0N.exe
1660	44e8805322637bbd277fe21be5fbc3c0N.exe
3044	44e8805322637bbd277fe21be5fbc3c0N.exe
2100	44e8805322637bbd277fe21be5fbc3c0N.exe
1444	44e8805322637bbd277fe21be5fbc3c0N.exe
2200	44e8805322637bbd277fe21be5fbc3c0N.exe
1084	44e8805322637bbd277fe21be5fbc3c0N.exe
2140	44e8805322637bbd277fe21be5fbc3c0N.exe
1712	44e8805322637bbd277fe21be5fbc3c0N.exe
1944	44e8805322637bbd277fe21be5fbc3c0N.exe
948	44e8805322637bbd277fe21be5fbc3c0N.exe
1104	44e8805322637bbd277fe21be5fbc3c0N.exe
2852	44e8805322637bbd277fe21be5fbc3c0N.exe
1968	44e8805322637bbd277fe21be5fbc3c0N.exe
2952	44e8805322637bbd277fe21be5fbc3c0N.exe
684	44e8805322637bbd277fe21be5fbc3c0N.exe
352	44e8805322637bbd277fe21be5fbc3c0N.exe
352	44e8805322637bbd277fe21be5fbc3c0N.exe
1644	44e8805322637bbd277fe21be5fbc3c0N.exe
1644	44e8805322637bbd277fe21be5fbc3c0N.exe
1060	44e8805322637bbd277fe21be5fbc3c0N.exe
1060	44e8805322637bbd277fe21be5fbc3c0N.exe
768	44e8805322637bbd277fe21be5fbc3c0N.exe
768	44e8805322637bbd277fe21be5fbc3c0N.exe
3024	44e8805322637bbd277fe21be5fbc3c0N.exe
3024	44e8805322637bbd277fe21be5fbc3c0N.exe
1724	44e8805322637bbd277fe21be5fbc3c0N.exe
1724	44e8805322637bbd277fe21be5fbc3c0N.exe
2208	44e8805322637bbd277fe21be5fbc3c0N.exe
2208	44e8805322637bbd277fe21be5fbc3c0N.exe
2308	44e8805322637bbd277fe21be5fbc3c0N.exe
2308	44e8805322637bbd277fe21be5fbc3c0N.exe
2060	44e8805322637bbd277fe21be5fbc3c0N.exe
2060	44e8805322637bbd277fe21be5fbc3c0N.exe
1808	44e8805322637bbd277fe21be5fbc3c0N.exe
1808	44e8805322637bbd277fe21be5fbc3c0N.exe
1004	44e8805322637bbd277fe21be5fbc3c0N.exe
1004	44e8805322637bbd277fe21be5fbc3c0N.exe
2960	44e8805322637bbd277fe21be5fbc3c0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2852	2200	44e8805322637bbd277fe21be5fbc3c0N.exe	30
PID 2200 wrote to memory of 2852	2200	44e8805322637bbd277fe21be5fbc3c0N.exe	30
PID 2200 wrote to memory of 2852	2200	44e8805322637bbd277fe21be5fbc3c0N.exe	30
PID 2200 wrote to memory of 2852	2200	44e8805322637bbd277fe21be5fbc3c0N.exe	30
PID 2852 wrote to memory of 3024	2852	44e8805322637bbd277fe21be5fbc3c0N.exe	31
PID 2852 wrote to memory of 3024	2852	44e8805322637bbd277fe21be5fbc3c0N.exe	31
PID 2852 wrote to memory of 3024	2852	44e8805322637bbd277fe21be5fbc3c0N.exe	31
PID 2852 wrote to memory of 3024	2852	44e8805322637bbd277fe21be5fbc3c0N.exe	31
PID 2200 wrote to memory of 3044	2200	44e8805322637bbd277fe21be5fbc3c0N.exe	32
PID 2200 wrote to memory of 3044	2200	44e8805322637bbd277fe21be5fbc3c0N.exe	32
PID 2200 wrote to memory of 3044	2200	44e8805322637bbd277fe21be5fbc3c0N.exe	32
PID 2200 wrote to memory of 3044	2200	44e8805322637bbd277fe21be5fbc3c0N.exe	32
PID 3024 wrote to memory of 1644	3024	44e8805322637bbd277fe21be5fbc3c0N.exe	33
PID 3024 wrote to memory of 1644	3024	44e8805322637bbd277fe21be5fbc3c0N.exe	33
PID 3024 wrote to memory of 1644	3024	44e8805322637bbd277fe21be5fbc3c0N.exe	33
PID 3024 wrote to memory of 1644	3024	44e8805322637bbd277fe21be5fbc3c0N.exe	33
PID 2852 wrote to memory of 1104	2852	44e8805322637bbd277fe21be5fbc3c0N.exe	34
PID 2852 wrote to memory of 1104	2852	44e8805322637bbd277fe21be5fbc3c0N.exe	34
PID 2852 wrote to memory of 1104	2852	44e8805322637bbd277fe21be5fbc3c0N.exe	34
PID 2852 wrote to memory of 1104	2852	44e8805322637bbd277fe21be5fbc3c0N.exe	34
PID 3044 wrote to memory of 768	3044	44e8805322637bbd277fe21be5fbc3c0N.exe	35
PID 3044 wrote to memory of 768	3044	44e8805322637bbd277fe21be5fbc3c0N.exe	35
PID 3044 wrote to memory of 768	3044	44e8805322637bbd277fe21be5fbc3c0N.exe	35
PID 3044 wrote to memory of 768	3044	44e8805322637bbd277fe21be5fbc3c0N.exe	35
PID 2200 wrote to memory of 1444	2200	44e8805322637bbd277fe21be5fbc3c0N.exe	36
PID 2200 wrote to memory of 1444	2200	44e8805322637bbd277fe21be5fbc3c0N.exe	36
PID 2200 wrote to memory of 1444	2200	44e8805322637bbd277fe21be5fbc3c0N.exe	36
PID 2200 wrote to memory of 1444	2200	44e8805322637bbd277fe21be5fbc3c0N.exe	36
PID 1644 wrote to memory of 1944	1644	44e8805322637bbd277fe21be5fbc3c0N.exe	37
PID 1644 wrote to memory of 1944	1644	44e8805322637bbd277fe21be5fbc3c0N.exe	37
PID 1644 wrote to memory of 1944	1644	44e8805322637bbd277fe21be5fbc3c0N.exe	37
PID 1644 wrote to memory of 1944	1644	44e8805322637bbd277fe21be5fbc3c0N.exe	37
PID 1104 wrote to memory of 1712	1104	44e8805322637bbd277fe21be5fbc3c0N.exe	38
PID 1104 wrote to memory of 1712	1104	44e8805322637bbd277fe21be5fbc3c0N.exe	38
PID 1104 wrote to memory of 1712	1104	44e8805322637bbd277fe21be5fbc3c0N.exe	38
PID 1104 wrote to memory of 1712	1104	44e8805322637bbd277fe21be5fbc3c0N.exe	38
PID 2852 wrote to memory of 532	2852	44e8805322637bbd277fe21be5fbc3c0N.exe	40
PID 2852 wrote to memory of 532	2852	44e8805322637bbd277fe21be5fbc3c0N.exe	40
PID 2852 wrote to memory of 532	2852	44e8805322637bbd277fe21be5fbc3c0N.exe	40
PID 2852 wrote to memory of 532	2852	44e8805322637bbd277fe21be5fbc3c0N.exe	40
PID 3024 wrote to memory of 1292	3024	44e8805322637bbd277fe21be5fbc3c0N.exe	39
PID 3024 wrote to memory of 1292	3024	44e8805322637bbd277fe21be5fbc3c0N.exe	39
PID 3024 wrote to memory of 1292	3024	44e8805322637bbd277fe21be5fbc3c0N.exe	39
PID 3024 wrote to memory of 1292	3024	44e8805322637bbd277fe21be5fbc3c0N.exe	39
PID 768 wrote to memory of 1904	768	44e8805322637bbd277fe21be5fbc3c0N.exe	41
PID 768 wrote to memory of 1904	768	44e8805322637bbd277fe21be5fbc3c0N.exe	41
PID 768 wrote to memory of 1904	768	44e8805322637bbd277fe21be5fbc3c0N.exe	41
PID 768 wrote to memory of 1904	768	44e8805322637bbd277fe21be5fbc3c0N.exe	41
PID 3044 wrote to memory of 1004	3044	44e8805322637bbd277fe21be5fbc3c0N.exe	42
PID 3044 wrote to memory of 1004	3044	44e8805322637bbd277fe21be5fbc3c0N.exe	42
PID 3044 wrote to memory of 1004	3044	44e8805322637bbd277fe21be5fbc3c0N.exe	42
PID 3044 wrote to memory of 1004	3044	44e8805322637bbd277fe21be5fbc3c0N.exe	42
PID 1444 wrote to memory of 1660	1444	44e8805322637bbd277fe21be5fbc3c0N.exe	43
PID 1444 wrote to memory of 1660	1444	44e8805322637bbd277fe21be5fbc3c0N.exe	43
PID 1444 wrote to memory of 1660	1444	44e8805322637bbd277fe21be5fbc3c0N.exe	43
PID 1444 wrote to memory of 1660	1444	44e8805322637bbd277fe21be5fbc3c0N.exe	43
PID 2200 wrote to memory of 2100	2200	44e8805322637bbd277fe21be5fbc3c0N.exe	44
PID 2200 wrote to memory of 2100	2200	44e8805322637bbd277fe21be5fbc3c0N.exe	44
PID 2200 wrote to memory of 2100	2200	44e8805322637bbd277fe21be5fbc3c0N.exe	44
PID 2200 wrote to memory of 2100	2200	44e8805322637bbd277fe21be5fbc3c0N.exe	44
PID 1944 wrote to memory of 1084	1944	44e8805322637bbd277fe21be5fbc3c0N.exe	45
PID 1944 wrote to memory of 1084	1944	44e8805322637bbd277fe21be5fbc3c0N.exe	45
PID 1944 wrote to memory of 1084	1944	44e8805322637bbd277fe21be5fbc3c0N.exe	45
PID 1944 wrote to memory of 1084	1944	44e8805322637bbd277fe21be5fbc3c0N.exe	45

C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
"C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2852
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        9⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        9⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        9⤵
        
        PID:15880
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        9⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        9⤵
        
        PID:15888
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        9⤵
        
        PID:19500
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:16960
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:15040
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:18308
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:16844
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:14960
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:17468
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:13912
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:16800
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:19508
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:15796
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:20332
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:19492
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:15820
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:15804
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:14556
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:21212
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:15252
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:20352
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:15168
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:14632
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:20308
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:15080
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:13696
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:19476
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:14460
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:10408
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:17432
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:352
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:15176
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:20444
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:14600
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:20360
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:14912
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:15872
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:16900
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:8268
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:14940
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        9⤵
        
        PID:20372
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:14516
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:20324
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:14844
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:17460
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:11184
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:16976
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:20452
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:15788
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:15844
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:15148
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:15828
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:15020
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:948
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:15004
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:15852
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:14884
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:18244
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:14444
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:15120
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:14808
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:15012
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:532
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:14740
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:14564
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:10916
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:15192
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:14588
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:14692
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:13636
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:21564
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:15940
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:6484
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:16952
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:16812
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:14792
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:9300
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:14540
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:17476
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:14980
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:17440
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:20436
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:8096
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:14496
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:14708
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:22764
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:8008
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:14852
- C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3044
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:768
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        8⤵
        
        PID:16912
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:20476
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:8760
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:15156
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:14640
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:11220
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:16860
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:15212
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:20468
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:9444
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:20420
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:14768
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:15104
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:14868
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:8296
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:15948
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:16892
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:16836
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:16828
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:20344
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:13652
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:23096
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:8832
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:14748
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:20316
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:15932
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:14724
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:6792
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:16852
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:15136
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:16820
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:7248
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:11228
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:16944
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:6476
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:10320
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:14532
- C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1444
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        7⤵
        
        PID:15908
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:15920
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:14684
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:11344
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:16928
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:14988
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:14484
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:6748
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:17424
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:14800
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:14896
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:10900
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:15072
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:8720
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:14676
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:11328
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:16984
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:8028
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:11236
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:16920
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:20380
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:10284
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:16464
- C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2100
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        6⤵
        
        PID:18400
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:14932
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:15836
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:10312
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:14580
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:20428
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:8000
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:14836
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:8524
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:14776
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:6732
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:10328
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:14524
- C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
  2⤵
  PID:2164
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
        5⤵
        
        PID:17452
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:8132
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:14996
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:14472
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:6844
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:10448
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:17416
- C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
  2⤵
  PID:3128
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
      4⤵
      PID:18384
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:7676
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:15244
- C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
  2⤵
  PID:4652
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:8512
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:14416
- - C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
    3⤵
    PID:20460
- C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
  2⤵
  PID:6804
- C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
  2⤵
  PID:10868
- C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\44e8805322637bbd277fe21be5fbc3c0N.exe"
  2⤵
  PID:15224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\kicking handjob hidden .mpg.exe

Filesize
423KB

MD5
df0af71e91d95cab16809a22c9c8ed9c

SHA1
bd087d90e5ca1b00ce3bc9137b2ee40905e3bbe5

SHA256
ef95bd4f7071cd660064e2f8cc92c8f5898fc9231c550a81bfd9ab4797ec4901

SHA512
8e5588a2a7dcaff4e587a695ac5180966e843b1a22f0a910d89e175e906c3cdb968352ca9f8b8baac146504a4178e0bf534cfe5d6a0c0e71bbb3989c00763e1a

Download Submit
C:\debug.txt

Filesize
183B

MD5
16343683050c2bca303770c81bddac84

SHA1
9505f739238f07f9108c98661f62bfc012dbd6aa

SHA256
e0868c9b9fae28236a28f0381009d820219b969365daae9a6b8d79fb5d079243

SHA512
4234004e597ac1c687ac42db35a904d25e7faeb9e0afb1372ea8e8b36b49223d9b64af557905d8b9b5e8533107ef99bd9e083d6888a8bae6c43a6f59583fb61d

Download Submit
memory/348-181-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/348-167-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/352-133-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/532-120-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/684-132-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/768-95-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/768-121-0x0000000004AB0000-0x0000000004ACE000-memory.dmp

Filesize
120KB

Download
memory/768-131-0x0000000004AB0000-0x0000000004ACE000-memory.dmp

Filesize
120KB

Download
memory/944-170-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/948-147-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/948-118-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/948-128-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/948-166-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/1004-109-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1004-122-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1060-134-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1084-151-0x0000000004B90000-0x0000000004BAE000-memory.dmp

Filesize
120KB

Download
memory/1084-125-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1084-137-0x0000000004B90000-0x0000000004BAE000-memory.dmp

Filesize
120KB

Download
memory/1084-113-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1104-146-0x0000000005060000-0x000000000507E000-memory.dmp

Filesize
120KB

Download
memory/1104-164-0x0000000005060000-0x000000000507E000-memory.dmp

Filesize
120KB

Download
memory/1104-94-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1104-127-0x0000000005060000-0x000000000507E000-memory.dmp

Filesize
120KB

Download
memory/1104-108-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1292-117-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1292-106-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1444-110-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1580-139-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1580-155-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1588-180-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1644-92-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1660-123-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1712-114-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1712-158-0x0000000005050000-0x000000000506E000-memory.dmp

Filesize
120KB

Download
memory/1712-142-0x0000000005050000-0x000000000506E000-memory.dmp

Filesize
120KB

Download
memory/1712-103-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1724-313-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1808-143-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1904-119-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1904-107-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1944-99-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1944-144-0x0000000004AB0000-0x0000000004ACE000-memory.dmp

Filesize
120KB

Download
memory/1944-111-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1944-162-0x0000000004AB0000-0x0000000004ACE000-memory.dmp

Filesize
120KB

Download
memory/1968-130-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1968-153-0x0000000004A90000-0x0000000004AAE000-memory.dmp

Filesize
120KB

Download
memory/1968-175-0x0000000004A90000-0x0000000004AAE000-memory.dmp

Filesize
120KB

Download
memory/1980-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2012-150-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2012-135-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2060-312-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2100-124-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2140-115-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2140-157-0x0000000004690000-0x00000000046AE000-memory.dmp

Filesize
120KB

Download
memory/2140-141-0x0000000004690000-0x00000000046AE000-memory.dmp

Filesize
120KB

Download
memory/2140-126-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2164-148-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2200-291-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2200-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2200-101-0x0000000005290000-0x00000000052AE000-memory.dmp

Filesize
120KB

Download
memory/2200-461-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2200-96-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2200-72-0x0000000005290000-0x00000000052AE000-memory.dmp

Filesize
120KB

Download
memory/2200-112-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2208-171-0x0000000004580000-0x000000000459E000-memory.dmp

Filesize
120KB

Download
memory/2208-138-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2308-178-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/2308-140-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2404-172-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2584-173-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2588-156-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2588-177-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2612-176-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2612-154-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2672-163-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2736-161-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2736-179-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2744-182-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2744-169-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2776-165-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2832-160-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2852-98-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2852-75-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2852-88-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/2852-93-0x0000000005050000-0x000000000506E000-memory.dmp

Filesize
120KB

Download
memory/2852-100-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/2852-105-0x0000000005050000-0x000000000506E000-memory.dmp

Filesize
120KB

Download
memory/2852-116-0x0000000005050000-0x000000000506E000-memory.dmp

Filesize
120KB

Download
memory/2924-159-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2952-174-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/2952-129-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2952-152-0x0000000004DD0000-0x0000000004DEE000-memory.dmp

Filesize
120KB

Download
memory/2960-145-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3024-104-0x0000000004F10000-0x0000000004F2E000-memory.dmp

Filesize
120KB

Download
memory/3024-91-0x0000000004F10000-0x0000000004F2E000-memory.dmp

Filesize
120KB

Download
memory/3024-89-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3044-90-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3044-102-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3052-149-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3052-168-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download