1ef6ef3df4ca87927b3230e274952c7e2feb51c3fef27d03f522b7676cda573b

Analysis

max time kernel
32s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 09:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c219fa1717f546496d93163a69711f0N.exe
Size

442KB
MD5

7c219fa1717f546496d93163a69711f0
SHA1

a64d567c0a1b4d8c57ad1273eaa9eb395bd8a110
SHA256

1ef6ef3df4ca87927b3230e274952c7e2feb51c3fef27d03f522b7676cda573b
SHA512

c1038ab1ebf5206735cc8997cdb4c4bcee88cc3a118c178ced6e571ffa79712887726690ea13c65b9fcbf499f8c093819c1a78dd30668954c3240b7fd7a0b271
SSDEEP

12288:A//vi9BRNuee0jcEsb52TXT/2UGQxLB1pW6WStK2P1NW51UNJnh50:2wRNuz0jcjN2DTOUGi1hK2T0+NhY

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	7c219fa1717f546496d93163a69711f0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\W:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\K:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\N:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\O:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\I:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\J:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\M:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\R:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\S:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\B:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\E:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\G:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\Y:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\T:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\V:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\X:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\A:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\L:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\Z:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\H:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\P:	7c219fa1717f546496d93163a69711f0N.exe
File opened (read-only)	\??\U:	7c219fa1717f546496d93163a69711f0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\swedish fetish horse voyeur glans wifey (Sylvia).zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\american cumshot fucking full movie (Curtney).zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\SysWOW64\IME\shared\beast full movie hole .mpg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian fetish blowjob catfight YEâPSè& (Gina,Tatjana).rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\System32\DriverStore\Temp\gay [bangbus] circumcision .rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\SysWOW64\IME\shared\american porn horse sleeping feet shower .mpeg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\danish gang bang blowjob sleeping glans bondage (Jade).zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian handjob hardcore [free] .zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\italian action fucking masturbation hotel .mpg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\beastiality hardcore licking titts ash .rar.exe	7c219fa1717f546496d93163a69711f0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\russian cum lingerie hidden hole ìï .avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\italian handjob xxx big .mpg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\hardcore lesbian sweet .zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\danish handjob lingerie sleeping pregnant (Gina,Sylvia).zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Program Files\Windows Journal\Templates\asian fucking big hole YEâPSè& (Melissa).zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\chinese bukkake lesbian glans .rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\horse catfight sweet .mpg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese porn lesbian several models titts bondage (Melissa).avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\tyrkish gang bang bukkake catfight cock circumcision (Tatjana).avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\danish beastiality beast lesbian .avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\danish kicking blowjob several models glans 40+ .avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\russian beastiality xxx voyeur (Janette).avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Program Files (x86)\Google\Temp\swedish cum lingerie several models latex .zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\lesbian licking .rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\lesbian [milf] (Liz).zip.exe	7c219fa1717f546496d93163a69711f0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\russian cumshot lingerie licking (Liz).rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\gay licking (Curtney).avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\gang bang hardcore several models titts stockings (Samantha).avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\spanish blowjob [bangbus] glans 50+ .avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\german bukkake [milf] shoes .rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\british xxx girls femdom (Christine,Janette).mpeg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\beastiality hardcore sleeping titts black hairunshaved .mpg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\russian cumshot lingerie catfight ash .rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\kicking gay full movie hole (Sandy,Jade).avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\african xxx catfight (Karin).rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\french xxx voyeur 40+ .rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\porn fucking big (Curtney).rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\spanish gay big latex (Gina,Sylvia).rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\indian nude lesbian full movie (Jade).mpg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\horse gay catfight glans blondie .rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\hardcore public cock hotel .rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\porn blowjob full movie (Melissa).zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\canadian lingerie voyeur upskirt (Britney,Karin).avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\cumshot horse hot (!) upskirt .rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob hidden titts (Gina,Jade).rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\swedish cum hardcore girls hole .mpeg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\danish handjob trambling voyeur glans granny .avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\asian lesbian public glans fishy (Liz).avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\bukkake catfight hole circumcision .avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\assembly\temp\swedish horse trambling girls cock ìï (Tatjana).rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\kicking trambling voyeur mature (Anniston,Melissa).zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\lingerie girls hole sm .mpeg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\swedish nude lesbian catfight boots (Jenna,Samantha).rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian kicking sperm hot (!) cock .mpg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\PLA\Templates\xxx voyeur upskirt .mpeg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\spanish horse [free] hole swallow .zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\french xxx lesbian .zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\horse fucking sleeping feet .mpg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\fetish hardcore hidden (Janette).mpeg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\xxx hidden hole .zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\japanese cumshot beast lesbian feet ìï (Samantha).rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\indian kicking bukkake big cock hairy .mpg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\african horse girls feet boots .mpeg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\bukkake big bondage .zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\Downloaded Program Files\russian gang bang beast public hole blondie .mpg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\lesbian full movie feet fishy .mpg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\black cumshot sperm [milf] .mpg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\norwegian gay [milf] titts bedroom .zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\animal beast licking glans (Ashley,Janette).rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\british sperm masturbation .avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\fucking full movie cock .rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\gay [bangbus] .zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\SoftwareDistribution\Download\black gang bang sperm masturbation (Melissa).zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\chinese lingerie [milf] feet girly (Samantha).avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\german lesbian lesbian high heels .rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\japanese beastiality xxx public glans .avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\security\templates\brasilian cum lingerie voyeur YEâPSè& (Britney,Tatjana).zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\chinese fucking public gorgeoushorny .avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\african lesbian sleeping titts .avi.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\brasilian horse hardcore sleeping bedroom .mpg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\danish cum horse licking pregnant .mpg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\swedish gang bang hardcore [free] hole leather (Liz).zip.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\asian xxx big hairy .rar.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\lesbian uncut YEâPSè& .mpg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\trambling several models girly .mpg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\nude sperm masturbation cock upskirt (Sylvia).mpg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\japanese animal sperm hidden lady .mpeg.exe	7c219fa1717f546496d93163a69711f0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\animal lesbian full movie latex .avi.exe	7c219fa1717f546496d93163a69711f0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1620	7c219fa1717f546496d93163a69711f0N.exe
2312	7c219fa1717f546496d93163a69711f0N.exe
1620	7c219fa1717f546496d93163a69711f0N.exe
2616	7c219fa1717f546496d93163a69711f0N.exe
316	7c219fa1717f546496d93163a69711f0N.exe
2312	7c219fa1717f546496d93163a69711f0N.exe
1620	7c219fa1717f546496d93163a69711f0N.exe
876	7c219fa1717f546496d93163a69711f0N.exe
1624	7c219fa1717f546496d93163a69711f0N.exe
2400	7c219fa1717f546496d93163a69711f0N.exe
2832	7c219fa1717f546496d93163a69711f0N.exe
2616	7c219fa1717f546496d93163a69711f0N.exe
2312	7c219fa1717f546496d93163a69711f0N.exe
316	7c219fa1717f546496d93163a69711f0N.exe
1620	7c219fa1717f546496d93163a69711f0N.exe
1204	7c219fa1717f546496d93163a69711f0N.exe
2648	7c219fa1717f546496d93163a69711f0N.exe
1876	7c219fa1717f546496d93163a69711f0N.exe
2400	7c219fa1717f546496d93163a69711f0N.exe
876	7c219fa1717f546496d93163a69711f0N.exe
1916	7c219fa1717f546496d93163a69711f0N.exe
2840	7c219fa1717f546496d93163a69711f0N.exe
2948	7c219fa1717f546496d93163a69711f0N.exe
1624	7c219fa1717f546496d93163a69711f0N.exe
1964	7c219fa1717f546496d93163a69711f0N.exe
2312	7c219fa1717f546496d93163a69711f0N.exe
316	7c219fa1717f546496d93163a69711f0N.exe
2952	7c219fa1717f546496d93163a69711f0N.exe
2832	7c219fa1717f546496d93163a69711f0N.exe
2616	7c219fa1717f546496d93163a69711f0N.exe
1620	7c219fa1717f546496d93163a69711f0N.exe
2104	7c219fa1717f546496d93163a69711f0N.exe
2448	7c219fa1717f546496d93163a69711f0N.exe
2184	7c219fa1717f546496d93163a69711f0N.exe
1204	7c219fa1717f546496d93163a69711f0N.exe
1708	7c219fa1717f546496d93163a69711f0N.exe
3052	7c219fa1717f546496d93163a69711f0N.exe
1876	7c219fa1717f546496d93163a69711f0N.exe
2400	7c219fa1717f546496d93163a69711f0N.exe
2176	7c219fa1717f546496d93163a69711f0N.exe
2176	7c219fa1717f546496d93163a69711f0N.exe
1916	7c219fa1717f546496d93163a69711f0N.exe
1916	7c219fa1717f546496d93163a69711f0N.exe
828	7c219fa1717f546496d93163a69711f0N.exe
828	7c219fa1717f546496d93163a69711f0N.exe
2648	7c219fa1717f546496d93163a69711f0N.exe
2648	7c219fa1717f546496d93163a69711f0N.exe
876	7c219fa1717f546496d93163a69711f0N.exe
876	7c219fa1717f546496d93163a69711f0N.exe
1632	7c219fa1717f546496d93163a69711f0N.exe
1632	7c219fa1717f546496d93163a69711f0N.exe
1664	7c219fa1717f546496d93163a69711f0N.exe
1664	7c219fa1717f546496d93163a69711f0N.exe
2840	7c219fa1717f546496d93163a69711f0N.exe
2840	7c219fa1717f546496d93163a69711f0N.exe
2312	7c219fa1717f546496d93163a69711f0N.exe
2312	7c219fa1717f546496d93163a69711f0N.exe
2116	7c219fa1717f546496d93163a69711f0N.exe
2116	7c219fa1717f546496d93163a69711f0N.exe
1624	7c219fa1717f546496d93163a69711f0N.exe
316	7c219fa1717f546496d93163a69711f0N.exe
316	7c219fa1717f546496d93163a69711f0N.exe
2676	7c219fa1717f546496d93163a69711f0N.exe
1624	7c219fa1717f546496d93163a69711f0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 2312	1620	7c219fa1717f546496d93163a69711f0N.exe	30
PID 1620 wrote to memory of 2312	1620	7c219fa1717f546496d93163a69711f0N.exe	30
PID 1620 wrote to memory of 2312	1620	7c219fa1717f546496d93163a69711f0N.exe	30
PID 1620 wrote to memory of 2312	1620	7c219fa1717f546496d93163a69711f0N.exe	30
PID 2312 wrote to memory of 2616	2312	7c219fa1717f546496d93163a69711f0N.exe	31
PID 2312 wrote to memory of 2616	2312	7c219fa1717f546496d93163a69711f0N.exe	31
PID 2312 wrote to memory of 2616	2312	7c219fa1717f546496d93163a69711f0N.exe	31
PID 2312 wrote to memory of 2616	2312	7c219fa1717f546496d93163a69711f0N.exe	31
PID 1620 wrote to memory of 316	1620	7c219fa1717f546496d93163a69711f0N.exe	32
PID 1620 wrote to memory of 316	1620	7c219fa1717f546496d93163a69711f0N.exe	32
PID 1620 wrote to memory of 316	1620	7c219fa1717f546496d93163a69711f0N.exe	32
PID 1620 wrote to memory of 316	1620	7c219fa1717f546496d93163a69711f0N.exe	32
PID 2616 wrote to memory of 876	2616	7c219fa1717f546496d93163a69711f0N.exe	33
PID 2616 wrote to memory of 876	2616	7c219fa1717f546496d93163a69711f0N.exe	33
PID 2616 wrote to memory of 876	2616	7c219fa1717f546496d93163a69711f0N.exe	33
PID 2616 wrote to memory of 876	2616	7c219fa1717f546496d93163a69711f0N.exe	33
PID 2312 wrote to memory of 1624	2312	7c219fa1717f546496d93163a69711f0N.exe	35
PID 2312 wrote to memory of 1624	2312	7c219fa1717f546496d93163a69711f0N.exe	35
PID 2312 wrote to memory of 1624	2312	7c219fa1717f546496d93163a69711f0N.exe	35
PID 2312 wrote to memory of 1624	2312	7c219fa1717f546496d93163a69711f0N.exe	35
PID 316 wrote to memory of 2400	316	7c219fa1717f546496d93163a69711f0N.exe	34
PID 316 wrote to memory of 2400	316	7c219fa1717f546496d93163a69711f0N.exe	34
PID 316 wrote to memory of 2400	316	7c219fa1717f546496d93163a69711f0N.exe	34
PID 316 wrote to memory of 2400	316	7c219fa1717f546496d93163a69711f0N.exe	34
PID 1620 wrote to memory of 2832	1620	7c219fa1717f546496d93163a69711f0N.exe	36
PID 1620 wrote to memory of 2832	1620	7c219fa1717f546496d93163a69711f0N.exe	36
PID 1620 wrote to memory of 2832	1620	7c219fa1717f546496d93163a69711f0N.exe	36
PID 1620 wrote to memory of 2832	1620	7c219fa1717f546496d93163a69711f0N.exe	36
PID 2400 wrote to memory of 1204	2400	7c219fa1717f546496d93163a69711f0N.exe	38
PID 2400 wrote to memory of 1204	2400	7c219fa1717f546496d93163a69711f0N.exe	38
PID 2400 wrote to memory of 1204	2400	7c219fa1717f546496d93163a69711f0N.exe	38
PID 2400 wrote to memory of 1204	2400	7c219fa1717f546496d93163a69711f0N.exe	38
PID 876 wrote to memory of 2648	876	7c219fa1717f546496d93163a69711f0N.exe	39
PID 876 wrote to memory of 2648	876	7c219fa1717f546496d93163a69711f0N.exe	39
PID 876 wrote to memory of 2648	876	7c219fa1717f546496d93163a69711f0N.exe	39
PID 876 wrote to memory of 2648	876	7c219fa1717f546496d93163a69711f0N.exe	39
PID 1624 wrote to memory of 1876	1624	7c219fa1717f546496d93163a69711f0N.exe	40
PID 1624 wrote to memory of 1876	1624	7c219fa1717f546496d93163a69711f0N.exe	40
PID 1624 wrote to memory of 1876	1624	7c219fa1717f546496d93163a69711f0N.exe	40
PID 1624 wrote to memory of 1876	1624	7c219fa1717f546496d93163a69711f0N.exe	40
PID 2312 wrote to memory of 2840	2312	7c219fa1717f546496d93163a69711f0N.exe	41
PID 2312 wrote to memory of 2840	2312	7c219fa1717f546496d93163a69711f0N.exe	41
PID 2312 wrote to memory of 2840	2312	7c219fa1717f546496d93163a69711f0N.exe	41
PID 2312 wrote to memory of 2840	2312	7c219fa1717f546496d93163a69711f0N.exe	41
PID 316 wrote to memory of 1916	316	7c219fa1717f546496d93163a69711f0N.exe	42
PID 316 wrote to memory of 1916	316	7c219fa1717f546496d93163a69711f0N.exe	42
PID 316 wrote to memory of 1916	316	7c219fa1717f546496d93163a69711f0N.exe	42
PID 316 wrote to memory of 1916	316	7c219fa1717f546496d93163a69711f0N.exe	42
PID 2616 wrote to memory of 1964	2616	7c219fa1717f546496d93163a69711f0N.exe	43
PID 2616 wrote to memory of 1964	2616	7c219fa1717f546496d93163a69711f0N.exe	43
PID 2616 wrote to memory of 1964	2616	7c219fa1717f546496d93163a69711f0N.exe	43
PID 2616 wrote to memory of 1964	2616	7c219fa1717f546496d93163a69711f0N.exe	43
PID 2832 wrote to memory of 2948	2832	7c219fa1717f546496d93163a69711f0N.exe	44
PID 2832 wrote to memory of 2948	2832	7c219fa1717f546496d93163a69711f0N.exe	44
PID 2832 wrote to memory of 2948	2832	7c219fa1717f546496d93163a69711f0N.exe	44
PID 2832 wrote to memory of 2948	2832	7c219fa1717f546496d93163a69711f0N.exe	44
PID 1620 wrote to memory of 2952	1620	7c219fa1717f546496d93163a69711f0N.exe	45
PID 1620 wrote to memory of 2952	1620	7c219fa1717f546496d93163a69711f0N.exe	45
PID 1620 wrote to memory of 2952	1620	7c219fa1717f546496d93163a69711f0N.exe	45
PID 1620 wrote to memory of 2952	1620	7c219fa1717f546496d93163a69711f0N.exe	45
PID 1204 wrote to memory of 2104	1204	7c219fa1717f546496d93163a69711f0N.exe	46
PID 1204 wrote to memory of 2104	1204	7c219fa1717f546496d93163a69711f0N.exe	46
PID 1204 wrote to memory of 2104	1204	7c219fa1717f546496d93163a69711f0N.exe	46
PID 1204 wrote to memory of 2104	1204	7c219fa1717f546496d93163a69711f0N.exe	46

C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
"C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:876
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        9⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        10⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        10⤵
        
        PID:22096
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        9⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        9⤵
        
        PID:20460
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        9⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        9⤵
        
        PID:18076
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:21756
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        9⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        9⤵
        
        PID:22472
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:21812
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:22288
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:21588
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:18068
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:18900
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:22408
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:18764
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:21308
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:22344
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:18928
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:19336
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:19424
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:11204
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:19504
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:21988
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:18052
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:18224
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:19248
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:22392
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:19288
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:18304
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:21788
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:21692
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:22492
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:22376
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:22168
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:20012
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:22120
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:22500
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:18844
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:22072
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:22464
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:19416
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:21740
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:20444
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:21708
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:18532
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:6392
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:10360
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:13372
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:22280
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        9⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        9⤵
        
        PID:21796
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:19300
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:21860
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:22384
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:22424
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:22328
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:12348
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:22272
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:21844
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:21724
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:11188
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:22112
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:22296
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:13296
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:22520
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:21764
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:22400
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:10664
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:21684
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:21804
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:18676
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:22236
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:22016
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:10568
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:19060
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:22456
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:18192
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:19432
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:21716
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:21732
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:19324
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:18244
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:13348
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:22212
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:19528
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:12492
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:22008
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:18956
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:20452
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:21884
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:21920
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:22064
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:8452
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:19256
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:18832
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:13624
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:10908
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:21548
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:11180
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:19520
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:12452
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:21964
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:8836
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:19480
- C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:316
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        9⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        9⤵
        
        PID:18756
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:18524
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:20412
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:21900
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:22312
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        8⤵
        
        PID:22088
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:21996
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:22440
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:21700
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:21748
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:21836
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:22352
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:22080
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:22304
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:18912
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:21676
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:18252
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:22320
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:22360
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:8308
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:13264
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:22512
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:22256
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:11160
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:20472
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:11196
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:19512
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:22572
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:21876
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:18216
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:21868
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:18872
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:11520
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:21892
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:13184
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:22024
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:13232
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:22188
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:22336
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:7804
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:11212
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:19556
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:18888
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:21780
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:18852
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:12608
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:22368
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:8672
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:19316
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:22432
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:13360
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:4336
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:18860
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:12500
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:22104
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:8828
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:19496
- C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:740
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        7⤵
        
        PID:22588
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:21828
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:18232
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:12512
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:22128
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:13340
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:19448
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:11528
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:21820
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:22728
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:10656
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:21908
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:20400
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:11392
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:21980
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:13288
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:9860
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:16340
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:4280
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:7068
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:11228
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:20432
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:7380
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:11964
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:21604
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:1544
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:9876
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:16332
- C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2952
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        6⤵
        
        PID:19408
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:20420
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:12040
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:22448
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:9800
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:21972
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:20484
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:7108
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:11560
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:21772
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:7596
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:13272
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:2704
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:6344
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:9764
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:20372
- C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
  2⤵
  PID:1640
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:13120
    - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
        5⤵
        
        PID:13520
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:7304
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:12420
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:22032
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:8028
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:11360
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:22480
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:6564
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:10336
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:13328
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:22264
- C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
  2⤵
  PID:3256
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
      4⤵
      PID:19440
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:7060
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:11236
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:19472
- C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
  2⤵
  PID:4356
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:7980
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:10932
- - C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
    3⤵
    PID:21852
- C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
  2⤵
  PID:6364
- C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
  2⤵
  PID:9792
- C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\7c219fa1717f546496d93163a69711f0N.exe"
  2⤵
  PID:22580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\microsoft shared\danish beastiality beast lesbian .avi.exe

Filesize
1.3MB

MD5
fc3775a4b47bf3af75605adbbeba49cb

SHA1
8d0e1e835458a7a3ca5ac15b9432a9b20018c66d

SHA256
2ff36c49e9f0326be9e98d589a4ed2386ae2046cd6ec2838c1ae9c923b92afbb

SHA512
7ef26a699af80f5bb9a920ec70433691d005ff0f5111b806c39441615c716bb878ddf0d6b1cda0cadf40c8dc513c91646a73e925a7d1d84118aeaf9313d07a20

Download Submit
C:\debug.txt

Filesize
183B

MD5
46f7c3a2a14f4f9f183f6144423e29fc

SHA1
4ef595d64fb7fde691ae3d144b01299cabc24fd8

SHA256
4a2f2150388df903c7e2d72081a120ad32fd2653654f66a91768457ef86b6ebc

SHA512
fd367be123feb15e39a59d6fd73dffbcce5765c88c4024065aa6a8652e91366858c268f214cc2fa99ed008558d7c4d51842460af9ed2cedb2ed30de3f79072f4

Download Submit