61ed2a4a98db304cdf82c92ac84457cafb3696c6c59a02e6f7a035df58f4e276

Analysis

max time kernel
24s
max time network
117s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 05:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
Size

888KB
MD5

5aa568bb5f6eab2c3eb4ec0fb2b7b890
SHA1

ef5c9f8c286e4467d4f5766d72cd4240bb493853
SHA256

61ed2a4a98db304cdf82c92ac84457cafb3696c6c59a02e6f7a035df58f4e276
SHA512

89be61eed35011a10340f252f58b15532348b794136c379a710b5292f97ef6191d9c70e0a67600ccca211c636007fe3a72c5b298e4f4068fbcb7a895008f144b
SSDEEP

24576:t24hPKBPBnFHXzZrlOfiIYtyl0aCHSHj/U1:Q40BnF3qKIYVBSD/o

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2568-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/files/0x0008000000016e9f-5.dat	upx
behavioral1/memory/2568-53-0x0000000004DA0000-0x0000000004DBD000-memory.dmp	upx
behavioral1/memory/2428-89-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1928-91-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2568-92-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/556-94-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2860-97-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2792-95-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2712-98-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3020-99-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2864-101-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1928-102-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1916-104-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1164-106-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2704-105-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2568-108-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/556-110-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2080-113-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1520-114-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2860-112-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/984-118-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1764-122-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1756-119-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2880-121-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1032-120-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3020-115-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2124-125-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1164-124-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1916-123-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2732-126-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/864-127-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2080-128-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1520-129-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1756-132-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/984-131-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1580-134-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1868-133-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1600-141-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/752-137-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1048-136-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2208-139-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1100-138-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2436-144-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2556-143-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2308-142-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2444-146-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2516-150-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2584-145-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1580-151-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3012-149-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2312-148-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2272-147-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2800-152-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2668-154-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1100-153-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1600-155-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2540-160-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2436-156-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2948-165-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2104-164-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1968-163-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3012-162-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2272-161-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\Y:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\A:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\B:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\N:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\O:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\P:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\Q:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\S:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\V:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\E:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\I:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\L:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\M:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\W:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\G:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\H:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\R:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\Z:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\J:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\K:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\U:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File opened (read-only)	\??\X:	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian action xxx catfight young (Sonja,Samantha).avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\System32\DriverStore\Temp\fucking public lady (Ashley,Janette).mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SysWOW64\IME\shared\tyrkish porn lesbian [milf] titts .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian gang bang beast several models hole mature (Melissa).rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian beastiality blowjob lesbian (Janette).mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian animal bukkake full movie hairy .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SysWOW64\FxsTmp\cumshot lesbian public feet .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\indian cum beast masturbation hole beautyfull (Samantha).mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\sperm big hotel .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SysWOW64\IME\shared\indian cum horse big castration (Kathrin,Karin).mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\black kicking gay catfight titts .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\indian handjob hardcore hidden hole .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\italian fetish trambling [free] sm .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian nude blowjob hidden lady .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\horse hot (!) hole shoes .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\trambling [bangbus] shower .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\italian kicking bukkake uncut redhair (Jenna,Liz).zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\danish cumshot hardcore hidden shower (Jenna,Janette).mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\horse hidden ejaculation .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\russian handjob bukkake [milf] cock beautyfull .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files\Windows Journal\Templates\japanese animal blowjob sleeping castration .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files\DVD Maker\Shared\xxx catfight feet .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish cumshot xxx uncut cock granny .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Google\Temp\hardcore [milf] .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Program Files (x86)\Google\Update\Download\japanese horse horse licking feet traffic (Curtney).avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\swedish horse horse licking cock bondage .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\danish cum sperm sleeping boots .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\gay voyeur pregnant .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\german hardcore voyeur glans .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\british gay public (Janette).mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\french trambling catfight traffic .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\indian nude horse [free] balls .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\action beast [bangbus] pregnant .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\brasilian cumshot lingerie [free] YEâPSè& (Sonja,Melissa).avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\danish nude lesbian girls feet hairy .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\bukkake full movie mature .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\beast uncut glans sm .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\security\templates\danish fetish horse voyeur glans bondage .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\lesbian [free] cock shoes (Tatjana).zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\african hardcore catfight sweet (Jenna,Curtney).mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\gay catfight glans mature .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\american cumshot lesbian [bangbus] hairy .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\swedish fetish xxx hot (!) .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\horse [milf] .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\fucking voyeur titts 50+ .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\SoftwareDistribution\Download\american handjob trambling public sweet .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\malaysia blowjob sleeping cock bondage .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\japanese handjob beast lesbian .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\porn gay catfight bedroom .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\danish action sperm hidden .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\brasilian horse bukkake lesbian feet sweet (Sarah).mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\kicking sperm [bangbus] boots (Sonja,Sarah).mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\german xxx licking high heels .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\swedish cumshot horse [milf] girly .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\german bukkake licking ash (Christine,Karin).mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\mssrv.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\brasilian cum hardcore uncut hole .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\danish nude gay [milf] glans .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\handjob blowjob catfight cock .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\blowjob [free] titts .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\PLA\Templates\beast masturbation circumcision .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\japanese animal beast public traffic (Sonja,Janette).rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\brasilian cumshot beast several models 40+ .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\spanish hardcore [milf] titts (Jenna,Tatjana).zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\canadian lingerie licking .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\indian beastiality gay licking swallow .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\british beast big .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\indian nude blowjob hot (!) hole bedroom .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\canadian hardcore voyeur titts .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\gang bang trambling [bangbus] bedroom .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian fetish xxx catfight swallow (Gina,Sarah).mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\swedish horse lesbian hot (!) ejaculation .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\spanish gay voyeur titts high heels .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\german hardcore [bangbus] castration .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\blowjob hidden bedroom .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese cum horse sleeping .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\indian handjob gay public leather (Kathrin,Curtney).mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\indian handjob gay [free] (Karin).avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\fetish hardcore sleeping gorgeoushorny .zip.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian cum fucking girls feet (Ashley,Samantha).mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\indian beastiality fucking hot (!) (Sylvia).avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\italian gang bang xxx catfight hole castration .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\norwegian trambling voyeur .rar.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\assembly\temp\indian nude xxx girls (Sarah).mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\sperm uncut granny .mpeg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\british trambling catfight traffic .mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\Temp\bukkake voyeur feet girly (Janette).mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\porn lingerie full movie (Tatjana).mpg.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\sperm [milf] cock .avi.exe	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2792	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2712	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2428	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2792	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2864	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2712	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2704	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2792	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
556	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2428	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2860	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2864	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
3020	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2880	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2712	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1032	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1764	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2704	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1916	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2428	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2792	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1164	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2124	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
556	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2732	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
864	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2860	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2080	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2864	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1520	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2712	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1868	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2880	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2880	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
3020	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
3020	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
984	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1756	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1756	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
984	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2704	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2704	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1048	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1048	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
752	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
752	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1032	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1032	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1764	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
1764	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2208	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2208	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2556	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2556	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
2584	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 2792	2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	30
PID 2568 wrote to memory of 2792	2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	30
PID 2568 wrote to memory of 2792	2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	30
PID 2568 wrote to memory of 2792	2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	30
PID 2792 wrote to memory of 2712	2792	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	32
PID 2792 wrote to memory of 2712	2792	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	32
PID 2792 wrote to memory of 2712	2792	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	32
PID 2792 wrote to memory of 2712	2792	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	32
PID 2568 wrote to memory of 2428	2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	33
PID 2568 wrote to memory of 2428	2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	33
PID 2568 wrote to memory of 2428	2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	33
PID 2568 wrote to memory of 2428	2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	33
PID 2712 wrote to memory of 2864	2712	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	34
PID 2712 wrote to memory of 2864	2712	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	34
PID 2712 wrote to memory of 2864	2712	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	34
PID 2712 wrote to memory of 2864	2712	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	34
PID 2428 wrote to memory of 1928	2428	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	35
PID 2428 wrote to memory of 1928	2428	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	35
PID 2428 wrote to memory of 1928	2428	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	35
PID 2428 wrote to memory of 1928	2428	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	35
PID 2792 wrote to memory of 2704	2792	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	36
PID 2792 wrote to memory of 2704	2792	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	36
PID 2792 wrote to memory of 2704	2792	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	36
PID 2792 wrote to memory of 2704	2792	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	36
PID 2568 wrote to memory of 556	2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	37
PID 2568 wrote to memory of 556	2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	37
PID 2568 wrote to memory of 556	2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	37
PID 2568 wrote to memory of 556	2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	37
PID 2864 wrote to memory of 2860	2864	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	38
PID 2864 wrote to memory of 2860	2864	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	38
PID 2864 wrote to memory of 2860	2864	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	38
PID 2864 wrote to memory of 2860	2864	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	38
PID 2712 wrote to memory of 3020	2712	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	39
PID 2712 wrote to memory of 3020	2712	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	39
PID 2712 wrote to memory of 3020	2712	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	39
PID 2712 wrote to memory of 3020	2712	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	39
PID 2704 wrote to memory of 2880	2704	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	40
PID 2704 wrote to memory of 2880	2704	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	40
PID 2704 wrote to memory of 2880	2704	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	40
PID 2704 wrote to memory of 2880	2704	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	40
PID 1928 wrote to memory of 1032	1928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	41
PID 1928 wrote to memory of 1032	1928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	41
PID 1928 wrote to memory of 1032	1928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	41
PID 1928 wrote to memory of 1032	1928	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	41
PID 2792 wrote to memory of 1764	2792	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	43
PID 2792 wrote to memory of 1764	2792	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	43
PID 2792 wrote to memory of 1764	2792	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	43
PID 2792 wrote to memory of 1764	2792	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	43
PID 2428 wrote to memory of 1916	2428	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	42
PID 2428 wrote to memory of 1916	2428	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	42
PID 2428 wrote to memory of 1916	2428	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	42
PID 2428 wrote to memory of 1916	2428	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	42
PID 556 wrote to memory of 1164	556	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	44
PID 556 wrote to memory of 1164	556	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	44
PID 556 wrote to memory of 1164	556	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	44
PID 556 wrote to memory of 1164	556	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	44
PID 2568 wrote to memory of 2124	2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	45
PID 2568 wrote to memory of 2124	2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	45
PID 2568 wrote to memory of 2124	2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	45
PID 2568 wrote to memory of 2124	2568	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	45
PID 2860 wrote to memory of 2732	2860	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	46
PID 2860 wrote to memory of 2732	2860	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	46
PID 2860 wrote to memory of 2732	2860	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	46
PID 2860 wrote to memory of 2732	2860	5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe	46

C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
"C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2792
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        10⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        11⤵
        
        PID:20040
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        10⤵
        
        PID:19568
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        10⤵
        
        PID:19968
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:15772
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        10⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:17736
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:18792
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:20592
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:17904
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:15556
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:18584
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:18276
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:19788
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:18664
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:19032
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20576
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18032
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        10⤵
        
        PID:20420
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:18048
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:19820
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:17252
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:18880
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:18252
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:18608
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20524
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19480
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:16588
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:18396
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18720
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:18152
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:17680
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18464
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17912
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        10⤵
        
        PID:20304
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:18380
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:19700
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:17712
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:19732
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20460
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19576
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:19864
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:17260
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20396
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18112
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17420
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:16636
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:17552
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:17364
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:18428
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18064
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:17520
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:11444
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17880
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:19976
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18520
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18600
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17348
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18992
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17728
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19760
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:11456
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18924
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        10⤵
        
        PID:19888
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:19604
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:20008
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:19660
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:18632
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20388
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:17896
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:16572
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:19912
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:17300
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:17672
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18528
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18456
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:11492
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17872
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:18480
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20720
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:17888
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:16956
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19752
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17768
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:17452
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18144
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19208
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18800
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18088
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20192
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18236
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:18864
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20428
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19240
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:12068
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:19832
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19284
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:20016
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17308
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18420
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:20468
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18024
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:20508
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19224
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20140
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17688
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18512
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17968
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18560
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17784
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:16612
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20256
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18736
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19128
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18104
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20380
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20728
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:19812
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:20160
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:17412
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:17028
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:18900
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18324
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:17560
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20280
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19136
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20568
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19192
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19716
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18184
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:17568
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20436
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19428
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19856
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:17576
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18200
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19848
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18888
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18388
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19684
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17220
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:17544
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20584
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18080
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:16604
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19000
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17276
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:20368
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19928
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19440
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:20516
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17936
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19768
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18656
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:17616
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:12032
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18096
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19952
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19232
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17664
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:15780
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:16580
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18960
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17268
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:9856
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18776
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18356
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17536
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:15016
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:752
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18212
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20168
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19152
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18908
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18332
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:20540
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17984
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:20500
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17952
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19944
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18176
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18984
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:11396
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17976
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18784
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18568
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19592
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17656
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20296
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19068
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20444
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18308
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18488
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:18752
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19676
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18072
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17640
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17356
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18496
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17204
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:12864
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19324
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:18292
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18816
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17752
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18472
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:11428
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:17944
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19960
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:17776
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:16564
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:9276
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:20032
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:18372
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2428
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        9⤵
        
        PID:18536
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:15172
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20412
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18056
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:19796
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20736
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19176
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20696
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19620
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:20216
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17624
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:19780
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20560
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:17960
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:16620
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19332
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18712
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18440
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19148
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18696
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:15212
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18552
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18640
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:984
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:17428
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18136
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18824
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19272
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18592
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:20452
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19120
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:16596
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18872
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18760
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:17648
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17340
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17608
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18976
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19560
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20184
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20688
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18000
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:15192
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18728
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:17848
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:19936
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18268
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18916
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18220
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19092
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17284
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17592
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20680
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19472
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:20312
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19200
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18544
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:15720
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:20248
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19260
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18228
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19100
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18040
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20176
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:17316
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18404
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17744
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18808
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19992
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18896
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17528
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20128
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20288
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17928
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19724
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:18704
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18504
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18284
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17332
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18952
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:18300
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18856
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:18260
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:17040
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:9880
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:18840
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:18624
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:556
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1164
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        8⤵
        
        PID:20320
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19248
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18576
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17228
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:19084
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17696
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17600
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19872
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18008
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:20236
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19376
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18968
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:16644
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19840
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17236
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18744
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20328
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:18016
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:18832
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18340
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:17632
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:12796
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20080
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18244
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18848
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18364
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20264
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:18348
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20404
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18204
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:15564
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:11744
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20476
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:19692
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19804
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:17292
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20532
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:17920
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:9888
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:20064
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:18648
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2124
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        7⤵
        
        PID:20000
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19112
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:18412
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18680
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19708
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18672
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17584
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20272
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:19216
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:20352
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19184
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19984
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:11332
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20652
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:17992
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19744
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:17704
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:17512
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:10508
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:19920
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:18616
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2556
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        6⤵
        
        PID:19880
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:17212
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18768
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20048
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:19292
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:19024
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20704
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:19584
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:20072
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:19464
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:8804
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:2448
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:18688
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  PID:3176
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
        5⤵
        
        PID:18316
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:18192
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:7136
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:18448
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:11728
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:20712
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:19076
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  PID:4304
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:7588
  - - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
      4⤵
      PID:20024
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:15728
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  PID:6172
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:15160
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  PID:10192
- - C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
    3⤵
    PID:19668
- C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa568bb5f6eab2c3eb4ec0fb2b7b890N.exe"
  2⤵
  PID:19168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\russian nude blowjob hidden lady .zip.exe

Filesize
178KB

MD5
0446a248834b8aa1b0ff0cca3091fd42

SHA1
059867f920ed743e78228dce3a2158124c091db6

SHA256
ef1aadb23b58c11cc36c379f770054523f113f73405283b104699601ad6db30d

SHA512
05d2667ddf4e24feeaa0fa6b604479b69c88ce799c711169586eb18c12b13275e5f63bd4771b1654bb5e0f8735f24f043dffcba1a9048865e494c72e87e519c3

Download Submit
C:\debug.txt

Filesize
183B

MD5
8c0c99b2e17712a44fec74fc274cd399

SHA1
fbca11d1b9a601cbf365aadb5142ac307923eeb0

SHA256
b6d39970dc0e0dcaa50a73ed1381f62fd2473b14aa9e3185a09a144e1eac6cbc

SHA512
6af1ae22ffbe4faad9bed835adabc668373086dbe8bc1523d71dce16b0c352a6c67e99854e6c556db44b8aec3eec8df275eaf8894e698e38ef54090c5815be7c

Download Submit
memory/556-103-0x0000000004690000-0x00000000046AD000-memory.dmp

Filesize
116KB

Download
memory/556-183-0x00000000046D0000-0x00000000046ED000-memory.dmp

Filesize
116KB

Download
memory/556-94-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/556-169-0x00000000046D0000-0x00000000046ED000-memory.dmp

Filesize
116KB

Download
memory/556-110-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/752-137-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/864-127-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/984-118-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/984-131-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1032-120-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1032-117-0x0000000004A90000-0x0000000004AAD000-memory.dmp

Filesize
116KB

Download
memory/1032-130-0x0000000004A90000-0x0000000004AAD000-memory.dmp

Filesize
116KB

Download
memory/1048-136-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1100-153-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1100-138-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1164-106-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1164-124-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1520-114-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1520-129-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1580-151-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1580-134-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1600-155-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1600-141-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1644-159-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1644-173-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1648-176-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1756-119-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1756-132-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1764-171-0x0000000004F10000-0x0000000004F2D000-memory.dmp

Filesize
116KB

Download
memory/1764-122-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1776-175-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1868-133-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1916-104-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1916-123-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1928-102-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1928-91-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1968-163-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1968-177-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2080-113-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2080-128-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2104-178-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2104-164-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2124-125-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2208-139-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2272-161-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2272-147-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2308-142-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2312-148-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2412-172-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2412-158-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2428-89-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2436-156-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2436-144-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2444-146-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2444-157-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2488-180-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2516-150-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2540-160-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2540-174-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2556-143-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2568-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2568-92-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2568-108-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2568-480-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2568-93-0x0000000004DA0000-0x0000000004DBD000-memory.dmp

Filesize
116KB

Download
memory/2568-292-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2568-88-0x0000000004DA0000-0x0000000004DBD000-memory.dmp

Filesize
116KB

Download
memory/2568-53-0x0000000004DA0000-0x0000000004DBD000-memory.dmp

Filesize
116KB

Download
memory/2568-109-0x0000000004DA0000-0x0000000004DBD000-memory.dmp

Filesize
116KB

Download
memory/2584-145-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2668-154-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2668-167-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2704-105-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2712-98-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2712-90-0x0000000004540000-0x000000000455D000-memory.dmp

Filesize
116KB

Download
memory/2712-100-0x0000000004540000-0x000000000455D000-memory.dmp

Filesize
116KB

Download
memory/2732-126-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2748-170-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2764-179-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2792-95-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2796-168-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2800-152-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2800-166-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2860-112-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2860-97-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2860-140-0x0000000005050000-0x000000000506D000-memory.dmp

Filesize
116KB

Download
memory/2864-101-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2864-96-0x0000000004DD0000-0x0000000004DED000-memory.dmp

Filesize
116KB

Download
memory/2864-111-0x0000000004DD0000-0x0000000004DED000-memory.dmp

Filesize
116KB

Download
memory/2880-121-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2880-116-0x0000000000820000-0x000000000083D000-memory.dmp

Filesize
116KB

Download
memory/2948-165-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3012-162-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3012-149-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3020-115-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3020-99-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3168-181-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3176-182-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3188-184-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download