5c54bb2002a304b02c487190f48766df2ca4147ac1cd473d30a1a6d3d93a9a2a

Analysis

max time kernel
28s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91d843eda6d848bd07ef7e9809b5b470N.exe
Size

1.8MB
MD5

91d843eda6d848bd07ef7e9809b5b470
SHA1

8e142784c5ebaa3fb91681fcff3626acc30b7822
SHA256

5c54bb2002a304b02c487190f48766df2ca4147ac1cd473d30a1a6d3d93a9a2a
SHA512

5c6cb6b66fbd4e049722d05a75b03106b0513a368b8f20cba87a9e63e55f8f5dfcab8d18f1352f88daa613d641f34864040da3d48355cdee132115d7f5eded1a
SSDEEP

49152:xoDJmfNGmZZfGThHs4pkXfDFPCZhhcXpMWQK1DXuac07oV4:xxfNGmRfpCZhatQCXUQ

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1512-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/files/0x0007000000016d4d-5.dat	upx
behavioral1/memory/2944-15-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2944-33-0x00000000020A0000-0x00000000020C0000-memory.dmp	upx
behavioral1/memory/2264-36-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2724-34-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2944-69-0x00000000046E0000-0x0000000004700000-memory.dmp	upx
behavioral1/memory/2196-70-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3052-72-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1512-71-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3056-84-0x0000000001F50000-0x0000000001F70000-memory.dmp	upx
behavioral1/memory/2944-83-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2724-87-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2264-88-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2004-89-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3056-90-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3044-91-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1920-93-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2232-92-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2196-94-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3052-95-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2156-96-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1356-97-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/368-98-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2140-105-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2004-104-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3044-108-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3020-107-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1520-111-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1920-112-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2484-114-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1212-113-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/368-117-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2156-116-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3044-115-0x0000000004680000-0x00000000046A0000-memory.dmp	upx
behavioral1/memory/2140-118-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1564-119-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1964-120-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1520-123-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/920-122-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2484-124-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/364-126-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2232-128-0x0000000004590000-0x00000000045B0000-memory.dmp	upx
behavioral1/memory/1828-129-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1564-131-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1816-130-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/920-132-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1212-133-0x0000000002090000-0x00000000020B0000-memory.dmp	upx
behavioral1/memory/556-135-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1916-136-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2348-137-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/364-138-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2888-139-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2324-143-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2328-142-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3068-141-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2480-140-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2960-146-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/556-145-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2348-147-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2888-161-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2728-163-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/3068-162-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2248-165-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	91d843eda6d848bd07ef7e9809b5b470N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\A:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\H:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\I:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\M:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\O:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\R:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\V:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\X:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\Y:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\J:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\K:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\T:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\Z:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\B:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\E:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\L:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\P:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\S:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\U:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\G:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\N:	91d843eda6d848bd07ef7e9809b5b470N.exe
File opened (read-only)	\??\Q:	91d843eda6d848bd07ef7e9809b5b470N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\japanese lesbian action masturbation ejaculation .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\FxsTmp\gang bang trambling big (Anniston).zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\IME\shared\german fucking trambling public girly .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\IME\shared\african handjob several models legs shower .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\nude several models YEâPSè& (Karin).avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian nude masturbation shoes .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\lesbian lesbian (Tatjana).avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\japanese beastiality horse uncut .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\sperm cumshot big boobs femdom .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SysWOW64\FxsTmp\bukkake public boobs .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\lingerie lesbian boobs .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\kicking lesbian [milf] .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\spanish action action [free] sweet .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files\DVD Maker\Shared\american handjob lingerie [bangbus] (Janette,Karin).mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\fucking gang bang hot (!) femdom (Karin).rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\malaysia fucking hardcore masturbation legs bondage .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\african kicking porn voyeur YEâPSè& (Sylvia).mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\porn masturbation glans traffic .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files\Windows Journal\Templates\danish lingerie horse [bangbus] (Samantha).mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian beast hidden .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files (x86)\Google\Temp\action horse catfight high heels (Sarah).zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files (x86)\Google\Update\Download\kicking nude big .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\horse lingerie big glans .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\spanish horse nude sleeping cock boots .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\chinese cum hidden .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe

Drops file in Windows directory 32 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\british beastiality [bangbus] latex (Sandy).rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\fucking horse sleeping .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\SoftwareDistribution\Download\porn horse licking vagina .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\black beast cumshot big (Janette,Tatjana).rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\norwegian blowjob hidden black hairunshaved (Britney).mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\french kicking handjob sleeping titts swallow .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\canadian gang bang kicking [bangbus] blondie .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\fetish licking nipples .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\cum uncut redhair (Sonja,Sonja).mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\russian beast several models ash .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\animal handjob girls balls .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\malaysia horse [milf] .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\beast catfight titts mistress (Gina).avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\temp\nude hidden blondie .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\brasilian horse cum several models ash ejaculation .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\chinese beastiality [milf] .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\lingerie girls .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\french handjob uncut ash ash .mpeg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\french xxx [milf] .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\Downloaded Program Files\gay hidden .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\chinese trambling masturbation blondie .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\PLA\Templates\animal [free] upskirt (Jade,Ashley).rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\mssrv.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\norwegian bukkake sleeping .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\tmp\brasilian horse licking .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\black hardcore hot (!) .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\handjob catfight boobs femdom .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\french gay girls .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\security\templates\japanese beastiality lesbian sm .zip.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\black porn licking traffic .avi.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\tyrkish fucking gang bang voyeur titts .mpg.exe	91d843eda6d848bd07ef7e9809b5b470N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\asian porn sperm lesbian vagina 40+ .rar.exe	91d843eda6d848bd07ef7e9809b5b470N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1512	91d843eda6d848bd07ef7e9809b5b470N.exe
2944	91d843eda6d848bd07ef7e9809b5b470N.exe
1512	91d843eda6d848bd07ef7e9809b5b470N.exe
2724	91d843eda6d848bd07ef7e9809b5b470N.exe
2264	91d843eda6d848bd07ef7e9809b5b470N.exe
2944	91d843eda6d848bd07ef7e9809b5b470N.exe
1512	91d843eda6d848bd07ef7e9809b5b470N.exe
3056	91d843eda6d848bd07ef7e9809b5b470N.exe
2196	91d843eda6d848bd07ef7e9809b5b470N.exe
2232	91d843eda6d848bd07ef7e9809b5b470N.exe
2724	91d843eda6d848bd07ef7e9809b5b470N.exe
3052	91d843eda6d848bd07ef7e9809b5b470N.exe
1512	91d843eda6d848bd07ef7e9809b5b470N.exe
2264	91d843eda6d848bd07ef7e9809b5b470N.exe
2944	91d843eda6d848bd07ef7e9809b5b470N.exe
3056	91d843eda6d848bd07ef7e9809b5b470N.exe
1356	91d843eda6d848bd07ef7e9809b5b470N.exe
2004	91d843eda6d848bd07ef7e9809b5b470N.exe
2196	91d843eda6d848bd07ef7e9809b5b470N.exe
3020	91d843eda6d848bd07ef7e9809b5b470N.exe
1920	91d843eda6d848bd07ef7e9809b5b470N.exe
3044	91d843eda6d848bd07ef7e9809b5b470N.exe
1212	91d843eda6d848bd07ef7e9809b5b470N.exe
1512	91d843eda6d848bd07ef7e9809b5b470N.exe
2724	91d843eda6d848bd07ef7e9809b5b470N.exe
2156	91d843eda6d848bd07ef7e9809b5b470N.exe
2264	91d843eda6d848bd07ef7e9809b5b470N.exe
2944	91d843eda6d848bd07ef7e9809b5b470N.exe
368	91d843eda6d848bd07ef7e9809b5b470N.exe
3052	91d843eda6d848bd07ef7e9809b5b470N.exe
2232	91d843eda6d848bd07ef7e9809b5b470N.exe
2140	91d843eda6d848bd07ef7e9809b5b470N.exe
3056	91d843eda6d848bd07ef7e9809b5b470N.exe
1964	91d843eda6d848bd07ef7e9809b5b470N.exe
1356	91d843eda6d848bd07ef7e9809b5b470N.exe
1520	91d843eda6d848bd07ef7e9809b5b470N.exe
2004	91d843eda6d848bd07ef7e9809b5b470N.exe
2484	91d843eda6d848bd07ef7e9809b5b470N.exe
2196	91d843eda6d848bd07ef7e9809b5b470N.exe
1828	91d843eda6d848bd07ef7e9809b5b470N.exe
1816	91d843eda6d848bd07ef7e9809b5b470N.exe
1564	91d843eda6d848bd07ef7e9809b5b470N.exe
3044	91d843eda6d848bd07ef7e9809b5b470N.exe
920	91d843eda6d848bd07ef7e9809b5b470N.exe
3020	91d843eda6d848bd07ef7e9809b5b470N.exe
1920	91d843eda6d848bd07ef7e9809b5b470N.exe
1916	91d843eda6d848bd07ef7e9809b5b470N.exe
2724	91d843eda6d848bd07ef7e9809b5b470N.exe
1512	91d843eda6d848bd07ef7e9809b5b470N.exe
364	91d843eda6d848bd07ef7e9809b5b470N.exe
2480	91d843eda6d848bd07ef7e9809b5b470N.exe
2328	91d843eda6d848bd07ef7e9809b5b470N.exe
2324	91d843eda6d848bd07ef7e9809b5b470N.exe
2264	91d843eda6d848bd07ef7e9809b5b470N.exe
2944	91d843eda6d848bd07ef7e9809b5b470N.exe
556	91d843eda6d848bd07ef7e9809b5b470N.exe
3052	91d843eda6d848bd07ef7e9809b5b470N.exe
2232	91d843eda6d848bd07ef7e9809b5b470N.exe
1212	91d843eda6d848bd07ef7e9809b5b470N.exe
2348	91d843eda6d848bd07ef7e9809b5b470N.exe
2156	91d843eda6d848bd07ef7e9809b5b470N.exe
2156	91d843eda6d848bd07ef7e9809b5b470N.exe
2888	91d843eda6d848bd07ef7e9809b5b470N.exe
2888	91d843eda6d848bd07ef7e9809b5b470N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 2944	1512	91d843eda6d848bd07ef7e9809b5b470N.exe	30
PID 1512 wrote to memory of 2944	1512	91d843eda6d848bd07ef7e9809b5b470N.exe	30
PID 1512 wrote to memory of 2944	1512	91d843eda6d848bd07ef7e9809b5b470N.exe	30
PID 1512 wrote to memory of 2944	1512	91d843eda6d848bd07ef7e9809b5b470N.exe	30
PID 2944 wrote to memory of 2724	2944	91d843eda6d848bd07ef7e9809b5b470N.exe	31
PID 2944 wrote to memory of 2724	2944	91d843eda6d848bd07ef7e9809b5b470N.exe	31
PID 2944 wrote to memory of 2724	2944	91d843eda6d848bd07ef7e9809b5b470N.exe	31
PID 2944 wrote to memory of 2724	2944	91d843eda6d848bd07ef7e9809b5b470N.exe	31
PID 1512 wrote to memory of 2264	1512	91d843eda6d848bd07ef7e9809b5b470N.exe	32
PID 1512 wrote to memory of 2264	1512	91d843eda6d848bd07ef7e9809b5b470N.exe	32
PID 1512 wrote to memory of 2264	1512	91d843eda6d848bd07ef7e9809b5b470N.exe	32
PID 1512 wrote to memory of 2264	1512	91d843eda6d848bd07ef7e9809b5b470N.exe	32
PID 2724 wrote to memory of 3056	2724	91d843eda6d848bd07ef7e9809b5b470N.exe	33
PID 2724 wrote to memory of 3056	2724	91d843eda6d848bd07ef7e9809b5b470N.exe	33
PID 2724 wrote to memory of 3056	2724	91d843eda6d848bd07ef7e9809b5b470N.exe	33
PID 2724 wrote to memory of 3056	2724	91d843eda6d848bd07ef7e9809b5b470N.exe	33
PID 1512 wrote to memory of 2196	1512	91d843eda6d848bd07ef7e9809b5b470N.exe	35
PID 1512 wrote to memory of 2196	1512	91d843eda6d848bd07ef7e9809b5b470N.exe	35
PID 1512 wrote to memory of 2196	1512	91d843eda6d848bd07ef7e9809b5b470N.exe	35
PID 1512 wrote to memory of 2196	1512	91d843eda6d848bd07ef7e9809b5b470N.exe	35
PID 2264 wrote to memory of 2232	2264	91d843eda6d848bd07ef7e9809b5b470N.exe	36
PID 2264 wrote to memory of 2232	2264	91d843eda6d848bd07ef7e9809b5b470N.exe	36
PID 2264 wrote to memory of 2232	2264	91d843eda6d848bd07ef7e9809b5b470N.exe	36
PID 2264 wrote to memory of 2232	2264	91d843eda6d848bd07ef7e9809b5b470N.exe	36
PID 2944 wrote to memory of 3052	2944	91d843eda6d848bd07ef7e9809b5b470N.exe	34
PID 2944 wrote to memory of 3052	2944	91d843eda6d848bd07ef7e9809b5b470N.exe	34
PID 2944 wrote to memory of 3052	2944	91d843eda6d848bd07ef7e9809b5b470N.exe	34
PID 2944 wrote to memory of 3052	2944	91d843eda6d848bd07ef7e9809b5b470N.exe	34
PID 3056 wrote to memory of 1356	3056	91d843eda6d848bd07ef7e9809b5b470N.exe	37
PID 3056 wrote to memory of 1356	3056	91d843eda6d848bd07ef7e9809b5b470N.exe	37
PID 3056 wrote to memory of 1356	3056	91d843eda6d848bd07ef7e9809b5b470N.exe	37
PID 3056 wrote to memory of 1356	3056	91d843eda6d848bd07ef7e9809b5b470N.exe	37
PID 2196 wrote to memory of 2004	2196	91d843eda6d848bd07ef7e9809b5b470N.exe	38
PID 2196 wrote to memory of 2004	2196	91d843eda6d848bd07ef7e9809b5b470N.exe	38
PID 2196 wrote to memory of 2004	2196	91d843eda6d848bd07ef7e9809b5b470N.exe	38
PID 2196 wrote to memory of 2004	2196	91d843eda6d848bd07ef7e9809b5b470N.exe	38
PID 1512 wrote to memory of 3020	1512	91d843eda6d848bd07ef7e9809b5b470N.exe	39
PID 1512 wrote to memory of 3020	1512	91d843eda6d848bd07ef7e9809b5b470N.exe	39
PID 1512 wrote to memory of 3020	1512	91d843eda6d848bd07ef7e9809b5b470N.exe	39
PID 1512 wrote to memory of 3020	1512	91d843eda6d848bd07ef7e9809b5b470N.exe	39
PID 2724 wrote to memory of 3044	2724	91d843eda6d848bd07ef7e9809b5b470N.exe	40
PID 2724 wrote to memory of 3044	2724	91d843eda6d848bd07ef7e9809b5b470N.exe	40
PID 2724 wrote to memory of 3044	2724	91d843eda6d848bd07ef7e9809b5b470N.exe	40
PID 2724 wrote to memory of 3044	2724	91d843eda6d848bd07ef7e9809b5b470N.exe	40
PID 2264 wrote to memory of 1920	2264	91d843eda6d848bd07ef7e9809b5b470N.exe	41
PID 2264 wrote to memory of 1920	2264	91d843eda6d848bd07ef7e9809b5b470N.exe	41
PID 2264 wrote to memory of 1920	2264	91d843eda6d848bd07ef7e9809b5b470N.exe	41
PID 2264 wrote to memory of 1920	2264	91d843eda6d848bd07ef7e9809b5b470N.exe	41
PID 2944 wrote to memory of 1212	2944	91d843eda6d848bd07ef7e9809b5b470N.exe	42
PID 2944 wrote to memory of 1212	2944	91d843eda6d848bd07ef7e9809b5b470N.exe	42
PID 2944 wrote to memory of 1212	2944	91d843eda6d848bd07ef7e9809b5b470N.exe	42
PID 2944 wrote to memory of 1212	2944	91d843eda6d848bd07ef7e9809b5b470N.exe	42
PID 2232 wrote to memory of 2156	2232	91d843eda6d848bd07ef7e9809b5b470N.exe	43
PID 2232 wrote to memory of 2156	2232	91d843eda6d848bd07ef7e9809b5b470N.exe	43
PID 2232 wrote to memory of 2156	2232	91d843eda6d848bd07ef7e9809b5b470N.exe	43
PID 2232 wrote to memory of 2156	2232	91d843eda6d848bd07ef7e9809b5b470N.exe	43
PID 3052 wrote to memory of 368	3052	91d843eda6d848bd07ef7e9809b5b470N.exe	44
PID 3052 wrote to memory of 368	3052	91d843eda6d848bd07ef7e9809b5b470N.exe	44
PID 3052 wrote to memory of 368	3052	91d843eda6d848bd07ef7e9809b5b470N.exe	44
PID 3052 wrote to memory of 368	3052	91d843eda6d848bd07ef7e9809b5b470N.exe	44
PID 3056 wrote to memory of 2140	3056	91d843eda6d848bd07ef7e9809b5b470N.exe	45
PID 3056 wrote to memory of 2140	3056	91d843eda6d848bd07ef7e9809b5b470N.exe	45
PID 3056 wrote to memory of 2140	3056	91d843eda6d848bd07ef7e9809b5b470N.exe	45
PID 3056 wrote to memory of 2140	3056	91d843eda6d848bd07ef7e9809b5b470N.exe	45

C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
"C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1512
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2944
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        9⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9460
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        9⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:608
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        8⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:10396
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9960
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:7032
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9300
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9332
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:368
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:10184
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:400
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9284
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:2060
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:556
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9868
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:8940
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9388
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9932
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9836
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9632
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9428
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9072
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9940
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9780
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9584
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:10224
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2264
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9984
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9908
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9412
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9624
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:3904
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:10092
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9944
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9616
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:10016
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:364
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9876
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:10068
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:10208
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9260
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:3508
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9648
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9348
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:9516
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        7⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9640
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9268
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9500
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:10076
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9324
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:10260
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:10036
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:10148
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:10244
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9484
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9720
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9976
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9444
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9508
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9492
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9420
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:9196
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        6⤵
        
        PID:10192
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9276
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9884
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:7040
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:10420
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9396
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:7204
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1916
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
        5⤵
        
        PID:9968
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9340
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:8984
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:7184
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
      "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
      4⤵
      PID:9404
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:7068
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  PID:3752
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:8948
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  PID:4932
- - C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
    "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
    3⤵
    PID:9952
- C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe
  "C:\Users\Admin\AppData\Local\Temp\91d843eda6d848bd07ef7e9809b5b470N.exe"
  2⤵
  PID:9144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\russian beast hidden .mpeg.exe

Filesize
927KB

MD5
456063dea935a4cb04f6a7783fd4b041

SHA1
4a1c07ab3cd2b239a4f52df32c6a1bb2aaa944e9

SHA256
d94355267e1dd3eaac9f8fe98dcc0d30f46dc378355027d7e2d7d85ccabc67da

SHA512
34af222678d6380564c91913ffe7d983d6c39ce38a68256427538747864d76472160c304ae97bc8c004755d18acca34604b0ce18beafacc4e5fe7f5cee22ff96

Download Submit
memory/364-126-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/364-138-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/368-98-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/368-117-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/556-135-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/556-145-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/652-167-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/696-185-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/696-182-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/864-198-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/864-183-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/920-132-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/920-200-0x00000000044A0000-0x00000000044C0000-memory.dmp

Filesize
128KB

Download
memory/920-122-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/920-211-0x00000000044A0000-0x00000000044C0000-memory.dmp

Filesize
128KB

Download
memory/1212-133-0x0000000002090000-0x00000000020B0000-memory.dmp

Filesize
128KB

Download
memory/1212-113-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1356-97-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1512-82-0x0000000004F30000-0x0000000004F50000-memory.dmp

Filesize
128KB

Download
memory/1512-71-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1512-134-0x0000000005F80000-0x0000000005FA0000-memory.dmp

Filesize
128KB

Download
memory/1512-35-0x0000000004F30000-0x0000000004F50000-memory.dmp

Filesize
128KB

Download
memory/1512-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1512-106-0x0000000005F80000-0x0000000005FA0000-memory.dmp

Filesize
128KB

Download
memory/1512-14-0x0000000004F30000-0x0000000004F50000-memory.dmp

Filesize
128KB

Download
memory/1520-111-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1520-123-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1520-164-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/1520-175-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/1564-131-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1564-119-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1744-181-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1816-130-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1828-129-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1916-210-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/1916-136-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1916-199-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/1920-93-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1920-112-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1964-120-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2004-89-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2004-121-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/2004-109-0x00000000047C0000-0x00000000047E0000-memory.dmp

Filesize
128KB

Download
memory/2004-201-0x00000000047E0000-0x0000000004800000-memory.dmp

Filesize
128KB

Download
memory/2004-104-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2140-118-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2140-105-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2156-116-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2156-96-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2196-94-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2196-70-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2232-188-0x00000000047F0000-0x0000000004810000-memory.dmp

Filesize
128KB

Download
memory/2232-128-0x0000000004590000-0x00000000045B0000-memory.dmp

Filesize
128KB

Download
memory/2232-92-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2248-165-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2264-36-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2264-88-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2324-143-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2328-142-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2348-137-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2348-147-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2480-140-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2484-114-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2484-124-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2596-170-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2648-184-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2724-87-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2724-34-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2728-174-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2728-163-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2772-207-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2840-168-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2888-139-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2888-161-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2944-83-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2944-110-0x00000000046E0000-0x0000000004700000-memory.dmp

Filesize
128KB

Download
memory/2944-15-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2944-33-0x00000000020A0000-0x00000000020C0000-memory.dmp

Filesize
128KB

Download
memory/2944-180-0x00000000046E0000-0x0000000004700000-memory.dmp

Filesize
128KB

Download
memory/2944-85-0x00000000020A0000-0x00000000020C0000-memory.dmp

Filesize
128KB

Download
memory/2944-69-0x00000000046E0000-0x0000000004700000-memory.dmp

Filesize
128KB

Download
memory/2960-166-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2960-146-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2992-169-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3020-107-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3044-108-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3044-91-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3044-115-0x0000000004680000-0x00000000046A0000-memory.dmp

Filesize
128KB

Download
memory/3044-127-0x0000000004680000-0x00000000046A0000-memory.dmp

Filesize
128KB

Download
memory/3052-95-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3052-72-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3056-84-0x0000000001F50000-0x0000000001F70000-memory.dmp

Filesize
128KB

Download
memory/3056-90-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3068-141-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3068-162-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3116-202-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download