0bb05961911b389ced580d6271c3a525b3adcc3451d5cdfeb67c6914d9e88013

Analysis

max time kernel
32s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 10:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

802dfcffabcdee8eee3b5efa6a317190N.exe
Size

462KB
MD5

802dfcffabcdee8eee3b5efa6a317190
SHA1

68a1224b0d6742cfce2ec4804353463d9454c512
SHA256

0bb05961911b389ced580d6271c3a525b3adcc3451d5cdfeb67c6914d9e88013
SHA512

5acce60e4bf43f6e2d970edacf52be423a1225c4add0f87f000f57b17f4a383509afe6180ba67617b40bfb04b6a89de8aff4ca4cf24c7179015a31eb597303ce
SSDEEP

12288:SEQoSRLdA41zZugAcaKMuXueQu4M/AXP4B6q:S3S+ZuE1Mue+/keT

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1900-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x00080000000165bb-5.dat	upx
behavioral1/memory/1900-59-0x0000000004D40000-0x0000000004D5F000-memory.dmp	upx
behavioral1/memory/2760-60-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3056-88-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1476-89-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1872-90-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2880-91-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/812-92-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2320-94-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1900-93-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1476-102-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1660-100-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1612-99-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/3056-98-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2760-96-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1872-103-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2056-107-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2200-109-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1328-108-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1560-106-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/812-105-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2880-104-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2792-116-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2892-115-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2440-114-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2320-112-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1880-117-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1200-119-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1612-118-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2472-122-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1520-123-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1960-124-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1916-127-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2440-132-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2892-130-0x0000000004DD0000-0x0000000004DEF000-memory.dmp	upx
behavioral1/memory/2200-129-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1328-128-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1560-125-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2792-133-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2056-126-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2040-135-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1880-134-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1200-136-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1520-138-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1984-139-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2472-137-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1428-140-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2076-143-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2988-141-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1916-144-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1576-146-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1884-145-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1112-149-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2344-148-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2756-152-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2468-151-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2040-150-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1892-158-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2988-157-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2864-156-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2744-155-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1984-154-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1944-161-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	802dfcffabcdee8eee3b5efa6a317190N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\V:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\G:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\H:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\I:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\N:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\O:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\P:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\X:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\A:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\E:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\J:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\M:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\K:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\L:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\S:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\U:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\B:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\R:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\T:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\W:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\Y:	802dfcffabcdee8eee3b5efa6a317190N.exe
File opened (read-only)	\??\Z:	802dfcffabcdee8eee3b5efa6a317190N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian porn fucking girls .mpg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\fucking full movie hole .rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\SysWOW64\IME\shared\african beastiality horse sleeping ejaculation .zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\malaysia nude lingerie big Ôë .avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\SysWOW64\FxsTmp\hardcore hot (!) .zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\SysWOW64\IME\shared\cum horse [bangbus] .rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lesbian fucking hot (!) feet boots .avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\british handjob hidden mature (Janette,Liz).avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\SysWOW64\FxsTmp\bukkake sleeping titts (Karin,Sandy).mpeg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\System32\DriverStore\Temp\cumshot gay hidden wifey .mpg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\hardcore several models feet ejaculation .mpg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\cumshot hardcore big .mpg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\kicking girls titts (Britney,Janette).mpg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\fetish public mature .mpeg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\sperm hot (!) ash .rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\fetish big castration (Christine).mpg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\italian horse voyeur boobs .mpg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\asian trambling porn catfight Œß .rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\fucking handjob several models hotel .avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Program Files\Windows Journal\Templates\cum animal lesbian .rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Program Files (x86)\Google\Temp\american beastiality big gorgeoushorny (Ashley,Gina).mpg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Program Files\DVD Maker\Shared\lingerie sleeping girly (Christine).avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\chinese gang bang sleeping mature .zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Program Files (x86)\Google\Update\Download\french cumshot handjob [milf] (Curtney).mpeg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\chinese beast animal uncut blondie (Christine).avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\porn voyeur .zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\swedish lingerie catfight .rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\asian action animal hidden ejaculation .mpg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\cumshot beast [bangbus] (Karin,Sonja).avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\danish hardcore blowjob public pregnant .avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\handjob big (Samantha,Ashley).avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\cum big mistress (Sarah).zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\canadian cum cumshot [free] ash granny .zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\fucking trambling uncut hole .rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\gay hidden 40+ .rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\gay big .mpg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\canadian lesbian hardcore masturbation nipples circumcision .avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\kicking catfight feet .rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\black handjob licking .rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\assembly\tmp\swedish animal gay full movie swallow .mpeg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\italian horse nude [bangbus] .zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\african beast action lesbian hole .avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\russian horse handjob catfight feet .rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\african hardcore full movie 50+ .avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\mssrv.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\asian hardcore xxx lesbian .mpg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\american blowjob big .rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\french xxx lesbian sm .mpeg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\american beastiality sleeping castration (Tatjana,Jenna).mpeg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\PLA\Templates\danish horse bukkake public .zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\animal hidden 50+ (Tatjana,Sylvia).mpeg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\kicking cumshot catfight .rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\beastiality nude masturbation young (Britney,Liz).mpeg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\german animal fucking uncut glans .zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\hardcore hidden (Jenna,Sonja).zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\SoftwareDistribution\Download\spanish bukkake horse [milf] .zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\french porn porn uncut pregnant .mpeg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\lesbian gang bang full movie traffic .mpg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\blowjob [free] (Sylvia,Karin).rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\brasilian nude voyeur femdom (Anniston).mpeg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\brasilian lesbian licking mature .rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\asian porn hot (!) glans hairy .mpg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\british gang bang catfight (Jade).zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\gang bang cum hidden (Jenna).zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\beastiality action licking redhair .rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\canadian handjob licking vagina boots (Tatjana).avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\InstallTemp\chinese cumshot sleeping beautyfull .mpg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\kicking catfight .mpg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\blowjob gang bang [free] circumcision .mpg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\handjob lesbian vagina 40+ .avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\porn several models boots (Britney).rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\norwegian blowjob xxx hidden titts .zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\indian fetish fucking several models .mpeg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\german cum beast uncut nipples boots .avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\kicking sperm licking .avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\british porn action hot (!) ash femdom .zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\british kicking [free] ash .avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\Downloaded Program Files\lingerie [free] mature .rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse big glans (Janette,Sandy).mpeg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\norwegian horse lingerie [bangbus] (Karin).mpg.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\norwegian action hot (!) mistress .zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\lesbian sleeping sweet .zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\british sperm beast several models hole balls (Britney,Anniston).zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lesbian [bangbus] .avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\spanish animal horse hot (!) feet .zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\cum voyeur glans young .avi.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\asian blowjob masturbation boobs (Melissa).zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\sperm licking bondage .rar.exe	802dfcffabcdee8eee3b5efa6a317190N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\porn voyeur mistress .zip.exe	802dfcffabcdee8eee3b5efa6a317190N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1900	802dfcffabcdee8eee3b5efa6a317190N.exe
2760	802dfcffabcdee8eee3b5efa6a317190N.exe
1900	802dfcffabcdee8eee3b5efa6a317190N.exe
3056	802dfcffabcdee8eee3b5efa6a317190N.exe
1660	802dfcffabcdee8eee3b5efa6a317190N.exe
2760	802dfcffabcdee8eee3b5efa6a317190N.exe
1900	802dfcffabcdee8eee3b5efa6a317190N.exe
1476	802dfcffabcdee8eee3b5efa6a317190N.exe
2880	802dfcffabcdee8eee3b5efa6a317190N.exe
3056	802dfcffabcdee8eee3b5efa6a317190N.exe
1872	802dfcffabcdee8eee3b5efa6a317190N.exe
812	802dfcffabcdee8eee3b5efa6a317190N.exe
2760	802dfcffabcdee8eee3b5efa6a317190N.exe
1660	802dfcffabcdee8eee3b5efa6a317190N.exe
1900	802dfcffabcdee8eee3b5efa6a317190N.exe
2320	802dfcffabcdee8eee3b5efa6a317190N.exe
2892	802dfcffabcdee8eee3b5efa6a317190N.exe
1476	802dfcffabcdee8eee3b5efa6a317190N.exe
1612	802dfcffabcdee8eee3b5efa6a317190N.exe
3056	802dfcffabcdee8eee3b5efa6a317190N.exe
1960	802dfcffabcdee8eee3b5efa6a317190N.exe
1560	802dfcffabcdee8eee3b5efa6a317190N.exe
1872	802dfcffabcdee8eee3b5efa6a317190N.exe
2056	802dfcffabcdee8eee3b5efa6a317190N.exe
2880	802dfcffabcdee8eee3b5efa6a317190N.exe
2200	802dfcffabcdee8eee3b5efa6a317190N.exe
2760	802dfcffabcdee8eee3b5efa6a317190N.exe
1660	802dfcffabcdee8eee3b5efa6a317190N.exe
812	802dfcffabcdee8eee3b5efa6a317190N.exe
1328	802dfcffabcdee8eee3b5efa6a317190N.exe
1900	802dfcffabcdee8eee3b5efa6a317190N.exe
2440	802dfcffabcdee8eee3b5efa6a317190N.exe
1880	802dfcffabcdee8eee3b5efa6a317190N.exe
2792	802dfcffabcdee8eee3b5efa6a317190N.exe
1200	802dfcffabcdee8eee3b5efa6a317190N.exe
2892	802dfcffabcdee8eee3b5efa6a317190N.exe
2472	802dfcffabcdee8eee3b5efa6a317190N.exe
2320	802dfcffabcdee8eee3b5efa6a317190N.exe
1612	802dfcffabcdee8eee3b5efa6a317190N.exe
2880	802dfcffabcdee8eee3b5efa6a317190N.exe
2880	802dfcffabcdee8eee3b5efa6a317190N.exe
1476	802dfcffabcdee8eee3b5efa6a317190N.exe
1476	802dfcffabcdee8eee3b5efa6a317190N.exe
1660	802dfcffabcdee8eee3b5efa6a317190N.exe
1660	802dfcffabcdee8eee3b5efa6a317190N.exe
2760	802dfcffabcdee8eee3b5efa6a317190N.exe
2760	802dfcffabcdee8eee3b5efa6a317190N.exe
3056	802dfcffabcdee8eee3b5efa6a317190N.exe
3056	802dfcffabcdee8eee3b5efa6a317190N.exe
1520	802dfcffabcdee8eee3b5efa6a317190N.exe
1520	802dfcffabcdee8eee3b5efa6a317190N.exe
1872	802dfcffabcdee8eee3b5efa6a317190N.exe
1872	802dfcffabcdee8eee3b5efa6a317190N.exe
812	802dfcffabcdee8eee3b5efa6a317190N.exe
812	802dfcffabcdee8eee3b5efa6a317190N.exe
1428	802dfcffabcdee8eee3b5efa6a317190N.exe
1428	802dfcffabcdee8eee3b5efa6a317190N.exe
2076	802dfcffabcdee8eee3b5efa6a317190N.exe
2076	802dfcffabcdee8eee3b5efa6a317190N.exe
1916	802dfcffabcdee8eee3b5efa6a317190N.exe
1916	802dfcffabcdee8eee3b5efa6a317190N.exe
1884	802dfcffabcdee8eee3b5efa6a317190N.exe
1884	802dfcffabcdee8eee3b5efa6a317190N.exe
1112	802dfcffabcdee8eee3b5efa6a317190N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2760	1900	802dfcffabcdee8eee3b5efa6a317190N.exe	30
PID 1900 wrote to memory of 2760	1900	802dfcffabcdee8eee3b5efa6a317190N.exe	30
PID 1900 wrote to memory of 2760	1900	802dfcffabcdee8eee3b5efa6a317190N.exe	30
PID 1900 wrote to memory of 2760	1900	802dfcffabcdee8eee3b5efa6a317190N.exe	30
PID 2760 wrote to memory of 3056	2760	802dfcffabcdee8eee3b5efa6a317190N.exe	31
PID 2760 wrote to memory of 3056	2760	802dfcffabcdee8eee3b5efa6a317190N.exe	31
PID 2760 wrote to memory of 3056	2760	802dfcffabcdee8eee3b5efa6a317190N.exe	31
PID 2760 wrote to memory of 3056	2760	802dfcffabcdee8eee3b5efa6a317190N.exe	31
PID 1900 wrote to memory of 1660	1900	802dfcffabcdee8eee3b5efa6a317190N.exe	32
PID 1900 wrote to memory of 1660	1900	802dfcffabcdee8eee3b5efa6a317190N.exe	32
PID 1900 wrote to memory of 1660	1900	802dfcffabcdee8eee3b5efa6a317190N.exe	32
PID 1900 wrote to memory of 1660	1900	802dfcffabcdee8eee3b5efa6a317190N.exe	32
PID 3056 wrote to memory of 1476	3056	802dfcffabcdee8eee3b5efa6a317190N.exe	33
PID 3056 wrote to memory of 1476	3056	802dfcffabcdee8eee3b5efa6a317190N.exe	33
PID 3056 wrote to memory of 1476	3056	802dfcffabcdee8eee3b5efa6a317190N.exe	33
PID 3056 wrote to memory of 1476	3056	802dfcffabcdee8eee3b5efa6a317190N.exe	33
PID 2760 wrote to memory of 2880	2760	802dfcffabcdee8eee3b5efa6a317190N.exe	34
PID 2760 wrote to memory of 2880	2760	802dfcffabcdee8eee3b5efa6a317190N.exe	34
PID 2760 wrote to memory of 2880	2760	802dfcffabcdee8eee3b5efa6a317190N.exe	34
PID 2760 wrote to memory of 2880	2760	802dfcffabcdee8eee3b5efa6a317190N.exe	34
PID 1660 wrote to memory of 1872	1660	802dfcffabcdee8eee3b5efa6a317190N.exe	35
PID 1660 wrote to memory of 1872	1660	802dfcffabcdee8eee3b5efa6a317190N.exe	35
PID 1660 wrote to memory of 1872	1660	802dfcffabcdee8eee3b5efa6a317190N.exe	35
PID 1660 wrote to memory of 1872	1660	802dfcffabcdee8eee3b5efa6a317190N.exe	35
PID 1900 wrote to memory of 812	1900	802dfcffabcdee8eee3b5efa6a317190N.exe	36
PID 1900 wrote to memory of 812	1900	802dfcffabcdee8eee3b5efa6a317190N.exe	36
PID 1900 wrote to memory of 812	1900	802dfcffabcdee8eee3b5efa6a317190N.exe	36
PID 1900 wrote to memory of 812	1900	802dfcffabcdee8eee3b5efa6a317190N.exe	36
PID 1476 wrote to memory of 2320	1476	802dfcffabcdee8eee3b5efa6a317190N.exe	37
PID 1476 wrote to memory of 2320	1476	802dfcffabcdee8eee3b5efa6a317190N.exe	37
PID 1476 wrote to memory of 2320	1476	802dfcffabcdee8eee3b5efa6a317190N.exe	37
PID 1476 wrote to memory of 2320	1476	802dfcffabcdee8eee3b5efa6a317190N.exe	37
PID 3056 wrote to memory of 2892	3056	802dfcffabcdee8eee3b5efa6a317190N.exe	38
PID 3056 wrote to memory of 2892	3056	802dfcffabcdee8eee3b5efa6a317190N.exe	38
PID 3056 wrote to memory of 2892	3056	802dfcffabcdee8eee3b5efa6a317190N.exe	38
PID 3056 wrote to memory of 2892	3056	802dfcffabcdee8eee3b5efa6a317190N.exe	38
PID 1872 wrote to memory of 1960	1872	802dfcffabcdee8eee3b5efa6a317190N.exe	39
PID 1872 wrote to memory of 1960	1872	802dfcffabcdee8eee3b5efa6a317190N.exe	39
PID 1872 wrote to memory of 1960	1872	802dfcffabcdee8eee3b5efa6a317190N.exe	39
PID 1872 wrote to memory of 1960	1872	802dfcffabcdee8eee3b5efa6a317190N.exe	39
PID 2880 wrote to memory of 1612	2880	802dfcffabcdee8eee3b5efa6a317190N.exe	40
PID 2880 wrote to memory of 1612	2880	802dfcffabcdee8eee3b5efa6a317190N.exe	40
PID 2880 wrote to memory of 1612	2880	802dfcffabcdee8eee3b5efa6a317190N.exe	40
PID 2880 wrote to memory of 1612	2880	802dfcffabcdee8eee3b5efa6a317190N.exe	40
PID 2760 wrote to memory of 1560	2760	802dfcffabcdee8eee3b5efa6a317190N.exe	41
PID 2760 wrote to memory of 1560	2760	802dfcffabcdee8eee3b5efa6a317190N.exe	41
PID 2760 wrote to memory of 1560	2760	802dfcffabcdee8eee3b5efa6a317190N.exe	41
PID 2760 wrote to memory of 1560	2760	802dfcffabcdee8eee3b5efa6a317190N.exe	41
PID 1660 wrote to memory of 1328	1660	802dfcffabcdee8eee3b5efa6a317190N.exe	43
PID 1660 wrote to memory of 1328	1660	802dfcffabcdee8eee3b5efa6a317190N.exe	43
PID 1660 wrote to memory of 1328	1660	802dfcffabcdee8eee3b5efa6a317190N.exe	43
PID 1660 wrote to memory of 1328	1660	802dfcffabcdee8eee3b5efa6a317190N.exe	43
PID 812 wrote to memory of 2056	812	802dfcffabcdee8eee3b5efa6a317190N.exe	42
PID 812 wrote to memory of 2056	812	802dfcffabcdee8eee3b5efa6a317190N.exe	42
PID 812 wrote to memory of 2056	812	802dfcffabcdee8eee3b5efa6a317190N.exe	42
PID 812 wrote to memory of 2056	812	802dfcffabcdee8eee3b5efa6a317190N.exe	42
PID 1900 wrote to memory of 2200	1900	802dfcffabcdee8eee3b5efa6a317190N.exe	44
PID 1900 wrote to memory of 2200	1900	802dfcffabcdee8eee3b5efa6a317190N.exe	44
PID 1900 wrote to memory of 2200	1900	802dfcffabcdee8eee3b5efa6a317190N.exe	44
PID 1900 wrote to memory of 2200	1900	802dfcffabcdee8eee3b5efa6a317190N.exe	44
PID 2892 wrote to memory of 2440	2892	802dfcffabcdee8eee3b5efa6a317190N.exe	45
PID 2892 wrote to memory of 2440	2892	802dfcffabcdee8eee3b5efa6a317190N.exe	45
PID 2892 wrote to memory of 2440	2892	802dfcffabcdee8eee3b5efa6a317190N.exe	45
PID 2892 wrote to memory of 2440	2892	802dfcffabcdee8eee3b5efa6a317190N.exe	45

C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
"C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
  "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2760
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        9⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        10⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        9⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        9⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        9⤵
        
        PID:19168
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        9⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        9⤵
        
        PID:19664
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:19184
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:19992
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:13608
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:21824
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:21800
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19648
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        9⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:20816
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:19516
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:19244
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:19968
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:19584
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:13624
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:21816
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:18300
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:19228
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        9⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:14228
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:18440
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:20028
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:18464
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:19928
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:11088
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19888
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19208
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:13596
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:19816
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:21808
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:21600
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:13684
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19752
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19952
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:13552
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19536
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:9964
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:10652
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:10976
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:8100
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:19160
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:19236
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:18448
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:13632
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:19936
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:19504
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:14180
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19632
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:10608
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:20036
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19912
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19920
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:13776
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:20084
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:13768
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19824
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:12864
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:17976
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:19960
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:7424
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:10636
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:19904
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19256
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:10536
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:19200
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:13800
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:10112
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:19496
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:13852
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:19576
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:20052
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:10044
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:19864
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:11632
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:9560
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:19176
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:10492
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:10812
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:7956
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:13808
- C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
  "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1660
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        8⤵
        
        PID:20012
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:19640
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19984
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19844
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:18148
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:9576
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:19216
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:13576
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19624
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:10020
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:648
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19560
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:9988
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:19800
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:19680
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:11312
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:14044
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:19488
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:14404
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19772
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19880
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:10780
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19944
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:10420
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:19568
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:10544
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19672
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7392
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:17968
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:13568
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:10096
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:11704
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:19872
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:19692
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:9996
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:19976
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:20004
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:7436
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:13752
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:20092
- C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
  "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:812
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        7⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:14104
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19192
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:20472
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:14212
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19896
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:13792
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:14276
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:9176
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:19264
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:19712
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:20144
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:20076
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:19852
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:13692
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:10088
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:19720
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:10824
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:8200
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:14220
- C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
  "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        6⤵
        
        PID:20872
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:13648
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:20020
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:19704
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:6724
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:11236
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:19592
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:19808
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:7900
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:14200
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:17984
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:8740
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:14420
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:18456
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:6532
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:10628
- C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
  "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
  2⤵
  PID:1984
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:10680
    - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
        5⤵
        
        PID:20400
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:7624
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:10620
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:8704
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:13656
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:6800
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:9520
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:18008
- C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
  "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
  2⤵
  PID:840
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
      "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
      4⤵
      PID:9512
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:7292
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:13588
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:20044
- C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
  "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
  2⤵
  PID:4376
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:7848
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:13544
- - C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
    "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
    3⤵
    PID:19784
- C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
  "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
  2⤵
  PID:6108
- C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
  "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
  2⤵
  PID:10120
- C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe
  "C:\Users\Admin\AppData\Local\Temp\802dfcffabcdee8eee3b5efa6a317190N.exe"
  2⤵
  PID:12204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\sperm hot (!) ash .rar.exe

Filesize
465KB

MD5
cf612312e598790b005979f1e8256d80

SHA1
141c4bfcb0f363a15dab289a90252b50cab2111b

SHA256
874c74a5e4c3f114283394bd0e9add834cc5920246986a5a4ce83a965784c855

SHA512
83cb8b5d0e8c663437515140f1d50b18146bf1d463cdbd1668e616cb799bed6d3c167de809e8b04027ae6cfb0fcf4f7f94a4cfe31ba196bf0f30b8aa88c0fe5c

Download Submit
C:\debug.txt

Filesize
183B

MD5
4b91fd30c372b295c6077f7c5f871789

SHA1
a6850a3a944f64b60fe888d9aeb6c8d79edd8229

SHA256
2c2b019fdc5713cc6d4ddbe382f702869650635dea4c90124b79be1e0a60a82c

SHA512
f568d5b24bf9003fa1502169a6cffc4c83899dd1d1de01f4267d09e61253028d0be4e7aaa95db9f5bde490affd8c61fd9078c849ac6280ff8e76580dd842f64a

Download Submit
memory/812-92-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/812-105-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/812-120-0x0000000004DD0000-0x0000000004DEF000-memory.dmp

Filesize
124KB

Download
memory/812-101-0x0000000004DD0000-0x0000000004DEF000-memory.dmp

Filesize
124KB

Download
memory/812-172-0x0000000004F10000-0x0000000004F2F000-memory.dmp

Filesize
124KB

Download
memory/860-176-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1112-149-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1200-136-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1200-119-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1328-108-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1328-128-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1428-181-0x0000000004E10000-0x0000000004E2F000-memory.dmp

Filesize
124KB

Download
memory/1428-140-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1476-102-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1476-89-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1520-123-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1520-138-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1560-125-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1560-106-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1576-146-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1576-162-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1612-118-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1612-99-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1612-121-0x0000000004DD0000-0x0000000004DEF000-memory.dmp

Filesize
124KB

Download
memory/1660-100-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1660-179-0x0000000005060000-0x000000000507F000-memory.dmp

Filesize
124KB

Download
memory/1660-168-0x0000000005060000-0x000000000507F000-memory.dmp

Filesize
124KB

Download
memory/1872-103-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1872-90-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1872-97-0x0000000004AA0000-0x0000000004ABF000-memory.dmp

Filesize
124KB

Download
memory/1880-117-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1880-134-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1884-145-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1892-158-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1892-173-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1900-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1900-59-0x0000000004D40000-0x0000000004D5F000-memory.dmp

Filesize
124KB

Download
memory/1900-153-0x0000000004FA0000-0x0000000004FBF000-memory.dmp

Filesize
124KB

Download
memory/1900-93-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1916-144-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1916-127-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1944-161-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1960-124-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1984-139-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1984-154-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2040-150-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2040-135-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2052-182-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2056-126-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2056-107-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2076-143-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2200-129-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2200-159-0x0000000004680000-0x000000000469F000-memory.dmp

Filesize
124KB

Download
memory/2200-142-0x0000000004680000-0x000000000469F000-memory.dmp

Filesize
124KB

Download
memory/2200-109-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2320-112-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2320-131-0x0000000001E20000-0x0000000001E3F000-memory.dmp

Filesize
124KB

Download
memory/2320-94-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2320-113-0x0000000001E20000-0x0000000001E3F000-memory.dmp

Filesize
124KB

Download
memory/2344-148-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2344-163-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2440-164-0x0000000004DD0000-0x0000000004DEF000-memory.dmp

Filesize
124KB

Download
memory/2440-132-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2440-114-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2468-151-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2468-166-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2472-160-0x0000000004DD0000-0x0000000004DEF000-memory.dmp

Filesize
124KB

Download
memory/2472-137-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2472-122-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2532-180-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2592-174-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2744-169-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2744-155-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2756-152-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2756-167-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2760-87-0x0000000004540000-0x000000000455F000-memory.dmp

Filesize
124KB

Download
memory/2760-60-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2760-96-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2792-116-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2792-133-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2820-175-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2864-170-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2864-156-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2880-104-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2880-91-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2892-115-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2892-130-0x0000000004DD0000-0x0000000004DEF000-memory.dmp

Filesize
124KB

Download
memory/2988-157-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2988-141-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3004-178-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3020-165-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3020-177-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3056-171-0x0000000004F20000-0x0000000004F3F000-memory.dmp

Filesize
124KB

Download
memory/3056-95-0x0000000004F20000-0x0000000004F3F000-memory.dmp

Filesize
124KB

Download
memory/3056-98-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3056-88-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download