d15700f8674e070de61de49e64234dd0428205f2573be33465de84d579b09e4d

Analysis

max time kernel
16s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03964d230265d3bfbf39cb5ea5234990N.exe
Size

425KB
MD5

03964d230265d3bfbf39cb5ea5234990
SHA1

796aafe4c25844597e9746e256ab2304e55832b4
SHA256

d15700f8674e070de61de49e64234dd0428205f2573be33465de84d579b09e4d
SHA512

2993e2cf04591fe063cd3dd84da2bc24416ce6c1ce3255c5fc07e1ad7b98bdc54e9ad1df1d360c2b8522ec86c99a053d6d6994cd80bcd84baad8e846a7c2975a
SSDEEP

12288:dXCNi9B2zE47k0fVizBN/6gzw+wiXGZyakTa:oW2Y4I0f8fCgaiXGIakO

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	03964d230265d3bfbf39cb5ea5234990N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\Q:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\V:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\X:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\Z:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\A:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\B:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\R:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\T:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\O:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\P:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\I:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\J:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\K:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\M:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\N:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\W:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\E:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\H:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\U:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\Y:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\G:	03964d230265d3bfbf39cb5ea5234990N.exe
File opened (read-only)	\??\S:	03964d230265d3bfbf39cb5ea5234990N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian handjob bukkake voyeur ejaculation (Ashley,Karin).zip.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\SysWOW64\FxsTmp\black nude horse masturbation feet beautyfull .mpeg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\SysWOW64\IME\shared\blowjob sleeping feet blondie .zip.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\xxx several models .rar.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\SysWOW64\FxsTmp\nude hardcore [milf] YEâPSè& .avi.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\SysWOW64\IME\shared\tyrkish gang bang lesbian sleeping young .zip.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\tyrkish kicking trambling [milf] feet mistress .mpg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse public feet shoes (Tatjana).mpg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian nude sperm girls sweet .mpg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\System32\DriverStore\Temp\sperm masturbation cock leather (Karin).avi.exe	03964d230265d3bfbf39cb5ea5234990N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\xxx uncut glans shower (Melissa).mpeg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\tyrkish action gay voyeur mature .rar.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\lingerie big swallow .rar.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\lesbian girls hole redhair (Sylvia).mpeg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish animal hardcore voyeur hole granny (Jade).mpeg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\italian gang bang bukkake uncut (Curtney).zip.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Program Files\DVD Maker\Shared\danish gang bang lesbian sleeping .avi.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Program Files\Windows Journal\Templates\japanese cum xxx uncut hotel .mpeg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\american gang bang trambling lesbian cock .mpg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\italian fetish horse lesbian upskirt .rar.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black animal gay hidden (Liz).zip.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian beastiality trambling [free] leather .mpg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Program Files (x86)\Google\Update\Download\horse [milf] stockings .mpeg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\italian porn lesbian [free] (Sylvia).mpg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\lesbian full movie glans .zip.exe	03964d230265d3bfbf39cb5ea5234990N.exe

Drops file in Windows directory 32 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\gay full movie redhair (Sonja,Sylvia).mpeg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\fucking several models glans traffic (Samantha).mpeg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\black kicking blowjob [free] ash .mpg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\Downloaded Program Files\gay voyeur feet young (Tatjana).zip.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\PLA\Templates\gay uncut hole (Ashley,Samantha).avi.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian animal trambling several models glans pregnant (Tatjana).avi.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\SoftwareDistribution\Download\swedish kicking bukkake girls ejaculation .mpeg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\mssrv.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\russian fetish trambling masturbation (Samantha).zip.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\sperm [milf] hotel .mpg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\trambling big hole .rar.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\security\templates\danish porn fucking big (Liz).mpg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian porn gay girls (Curtney).mpg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\beast lesbian .mpg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\beast full movie .zip.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\japanese cum trambling voyeur balls .mpeg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\xxx several models (Sarah).mpeg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\american gang bang beast girls .avi.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\bukkake sleeping titts granny .avi.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\swedish handjob bukkake masturbation cock ejaculation .rar.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\beast hot (!) beautyfull .mpg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\tyrkish cum lingerie girls titts .rar.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\assembly\tmp\blowjob uncut hole (Britney,Curtney).zip.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\japanese beastiality blowjob uncut glans young .mpeg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\tyrkish cum beast hot (!) .avi.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\black horse beast lesbian .zip.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\bukkake catfight cock mistress (Liz).rar.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\assembly\temp\tyrkish fetish lesbian sleeping boots .zip.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian nude trambling masturbation hole traffic (Sarah).mpeg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\blowjob [free] glans pregnant .mpg.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\black cum beast [bangbus] .avi.exe	03964d230265d3bfbf39cb5ea5234990N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\lesbian licking black hairunshaved .mpg.exe	03964d230265d3bfbf39cb5ea5234990N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2948	03964d230265d3bfbf39cb5ea5234990N.exe
2264	03964d230265d3bfbf39cb5ea5234990N.exe
2948	03964d230265d3bfbf39cb5ea5234990N.exe
2616	03964d230265d3bfbf39cb5ea5234990N.exe
2648	03964d230265d3bfbf39cb5ea5234990N.exe
2948	03964d230265d3bfbf39cb5ea5234990N.exe
2264	03964d230265d3bfbf39cb5ea5234990N.exe
2988	03964d230265d3bfbf39cb5ea5234990N.exe
1724	03964d230265d3bfbf39cb5ea5234990N.exe
2616	03964d230265d3bfbf39cb5ea5234990N.exe
1696	03964d230265d3bfbf39cb5ea5234990N.exe
2648	03964d230265d3bfbf39cb5ea5234990N.exe
2264	03964d230265d3bfbf39cb5ea5234990N.exe
2948	03964d230265d3bfbf39cb5ea5234990N.exe
1728	03964d230265d3bfbf39cb5ea5234990N.exe
2668	03964d230265d3bfbf39cb5ea5234990N.exe
2616	03964d230265d3bfbf39cb5ea5234990N.exe
1724	03964d230265d3bfbf39cb5ea5234990N.exe
2988	03964d230265d3bfbf39cb5ea5234990N.exe
1904	03964d230265d3bfbf39cb5ea5234990N.exe
1668	03964d230265d3bfbf39cb5ea5234990N.exe
2288	03964d230265d3bfbf39cb5ea5234990N.exe
2264	03964d230265d3bfbf39cb5ea5234990N.exe
1736	03964d230265d3bfbf39cb5ea5234990N.exe
2780	03964d230265d3bfbf39cb5ea5234990N.exe
2648	03964d230265d3bfbf39cb5ea5234990N.exe
2948	03964d230265d3bfbf39cb5ea5234990N.exe
2580	03964d230265d3bfbf39cb5ea5234990N.exe
1496	03964d230265d3bfbf39cb5ea5234990N.exe
1728	03964d230265d3bfbf39cb5ea5234990N.exe
1696	03964d230265d3bfbf39cb5ea5234990N.exe
1720	03964d230265d3bfbf39cb5ea5234990N.exe
2184	03964d230265d3bfbf39cb5ea5234990N.exe
1960	03964d230265d3bfbf39cb5ea5234990N.exe
1724	03964d230265d3bfbf39cb5ea5234990N.exe
2616	03964d230265d3bfbf39cb5ea5234990N.exe
2668	03964d230265d3bfbf39cb5ea5234990N.exe
2296	03964d230265d3bfbf39cb5ea5234990N.exe
2104	03964d230265d3bfbf39cb5ea5234990N.exe
2264	03964d230265d3bfbf39cb5ea5234990N.exe
2288	03964d230265d3bfbf39cb5ea5234990N.exe
2068	03964d230265d3bfbf39cb5ea5234990N.exe
2988	03964d230265d3bfbf39cb5ea5234990N.exe
2648	03964d230265d3bfbf39cb5ea5234990N.exe
1480	03964d230265d3bfbf39cb5ea5234990N.exe
2948	03964d230265d3bfbf39cb5ea5234990N.exe
1972	03964d230265d3bfbf39cb5ea5234990N.exe
1972	03964d230265d3bfbf39cb5ea5234990N.exe
536	03964d230265d3bfbf39cb5ea5234990N.exe
536	03964d230265d3bfbf39cb5ea5234990N.exe
1036	03964d230265d3bfbf39cb5ea5234990N.exe
1036	03964d230265d3bfbf39cb5ea5234990N.exe
2492	03964d230265d3bfbf39cb5ea5234990N.exe
2492	03964d230265d3bfbf39cb5ea5234990N.exe
2156	03964d230265d3bfbf39cb5ea5234990N.exe
2156	03964d230265d3bfbf39cb5ea5234990N.exe
936	03964d230265d3bfbf39cb5ea5234990N.exe
936	03964d230265d3bfbf39cb5ea5234990N.exe
1668	03964d230265d3bfbf39cb5ea5234990N.exe
1668	03964d230265d3bfbf39cb5ea5234990N.exe
852	03964d230265d3bfbf39cb5ea5234990N.exe
852	03964d230265d3bfbf39cb5ea5234990N.exe
1968	03964d230265d3bfbf39cb5ea5234990N.exe
1968	03964d230265d3bfbf39cb5ea5234990N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 2264	2948	03964d230265d3bfbf39cb5ea5234990N.exe	30
PID 2948 wrote to memory of 2264	2948	03964d230265d3bfbf39cb5ea5234990N.exe	30
PID 2948 wrote to memory of 2264	2948	03964d230265d3bfbf39cb5ea5234990N.exe	30
PID 2948 wrote to memory of 2264	2948	03964d230265d3bfbf39cb5ea5234990N.exe	30
PID 2948 wrote to memory of 2616	2948	03964d230265d3bfbf39cb5ea5234990N.exe	32
PID 2948 wrote to memory of 2616	2948	03964d230265d3bfbf39cb5ea5234990N.exe	32
PID 2948 wrote to memory of 2616	2948	03964d230265d3bfbf39cb5ea5234990N.exe	32
PID 2948 wrote to memory of 2616	2948	03964d230265d3bfbf39cb5ea5234990N.exe	32
PID 2264 wrote to memory of 2648	2264	03964d230265d3bfbf39cb5ea5234990N.exe	31
PID 2264 wrote to memory of 2648	2264	03964d230265d3bfbf39cb5ea5234990N.exe	31
PID 2264 wrote to memory of 2648	2264	03964d230265d3bfbf39cb5ea5234990N.exe	31
PID 2264 wrote to memory of 2648	2264	03964d230265d3bfbf39cb5ea5234990N.exe	31
PID 2616 wrote to memory of 2988	2616	03964d230265d3bfbf39cb5ea5234990N.exe	33
PID 2616 wrote to memory of 2988	2616	03964d230265d3bfbf39cb5ea5234990N.exe	33
PID 2616 wrote to memory of 2988	2616	03964d230265d3bfbf39cb5ea5234990N.exe	33
PID 2616 wrote to memory of 2988	2616	03964d230265d3bfbf39cb5ea5234990N.exe	33
PID 2648 wrote to memory of 1724	2648	03964d230265d3bfbf39cb5ea5234990N.exe	34
PID 2648 wrote to memory of 1724	2648	03964d230265d3bfbf39cb5ea5234990N.exe	34
PID 2648 wrote to memory of 1724	2648	03964d230265d3bfbf39cb5ea5234990N.exe	34
PID 2648 wrote to memory of 1724	2648	03964d230265d3bfbf39cb5ea5234990N.exe	34
PID 2948 wrote to memory of 1696	2948	03964d230265d3bfbf39cb5ea5234990N.exe	35
PID 2948 wrote to memory of 1696	2948	03964d230265d3bfbf39cb5ea5234990N.exe	35
PID 2948 wrote to memory of 1696	2948	03964d230265d3bfbf39cb5ea5234990N.exe	35
PID 2948 wrote to memory of 1696	2948	03964d230265d3bfbf39cb5ea5234990N.exe	35
PID 2264 wrote to memory of 1728	2264	03964d230265d3bfbf39cb5ea5234990N.exe	36
PID 2264 wrote to memory of 1728	2264	03964d230265d3bfbf39cb5ea5234990N.exe	36
PID 2264 wrote to memory of 1728	2264	03964d230265d3bfbf39cb5ea5234990N.exe	36
PID 2264 wrote to memory of 1728	2264	03964d230265d3bfbf39cb5ea5234990N.exe	36
PID 2616 wrote to memory of 1904	2616	03964d230265d3bfbf39cb5ea5234990N.exe	37
PID 2616 wrote to memory of 1904	2616	03964d230265d3bfbf39cb5ea5234990N.exe	37
PID 2616 wrote to memory of 1904	2616	03964d230265d3bfbf39cb5ea5234990N.exe	37
PID 2616 wrote to memory of 1904	2616	03964d230265d3bfbf39cb5ea5234990N.exe	37
PID 2988 wrote to memory of 2668	2988	03964d230265d3bfbf39cb5ea5234990N.exe	38
PID 2988 wrote to memory of 2668	2988	03964d230265d3bfbf39cb5ea5234990N.exe	38
PID 2988 wrote to memory of 2668	2988	03964d230265d3bfbf39cb5ea5234990N.exe	38
PID 2988 wrote to memory of 2668	2988	03964d230265d3bfbf39cb5ea5234990N.exe	38
PID 1724 wrote to memory of 1668	1724	03964d230265d3bfbf39cb5ea5234990N.exe	39
PID 1724 wrote to memory of 1668	1724	03964d230265d3bfbf39cb5ea5234990N.exe	39
PID 1724 wrote to memory of 1668	1724	03964d230265d3bfbf39cb5ea5234990N.exe	39
PID 1724 wrote to memory of 1668	1724	03964d230265d3bfbf39cb5ea5234990N.exe	39
PID 2648 wrote to memory of 1736	2648	03964d230265d3bfbf39cb5ea5234990N.exe	41
PID 2648 wrote to memory of 1736	2648	03964d230265d3bfbf39cb5ea5234990N.exe	41
PID 2648 wrote to memory of 1736	2648	03964d230265d3bfbf39cb5ea5234990N.exe	41
PID 2648 wrote to memory of 1736	2648	03964d230265d3bfbf39cb5ea5234990N.exe	41
PID 2264 wrote to memory of 2288	2264	03964d230265d3bfbf39cb5ea5234990N.exe	40
PID 2264 wrote to memory of 2288	2264	03964d230265d3bfbf39cb5ea5234990N.exe	40
PID 2264 wrote to memory of 2288	2264	03964d230265d3bfbf39cb5ea5234990N.exe	40
PID 2264 wrote to memory of 2288	2264	03964d230265d3bfbf39cb5ea5234990N.exe	40
PID 2948 wrote to memory of 2780	2948	03964d230265d3bfbf39cb5ea5234990N.exe	43
PID 2948 wrote to memory of 2780	2948	03964d230265d3bfbf39cb5ea5234990N.exe	43
PID 2948 wrote to memory of 2780	2948	03964d230265d3bfbf39cb5ea5234990N.exe	43
PID 2948 wrote to memory of 2780	2948	03964d230265d3bfbf39cb5ea5234990N.exe	43
PID 1696 wrote to memory of 2580	1696	03964d230265d3bfbf39cb5ea5234990N.exe	42
PID 1696 wrote to memory of 2580	1696	03964d230265d3bfbf39cb5ea5234990N.exe	42
PID 1696 wrote to memory of 2580	1696	03964d230265d3bfbf39cb5ea5234990N.exe	42
PID 1696 wrote to memory of 2580	1696	03964d230265d3bfbf39cb5ea5234990N.exe	42
PID 1728 wrote to memory of 1496	1728	03964d230265d3bfbf39cb5ea5234990N.exe	44
PID 1728 wrote to memory of 1496	1728	03964d230265d3bfbf39cb5ea5234990N.exe	44
PID 1728 wrote to memory of 1496	1728	03964d230265d3bfbf39cb5ea5234990N.exe	44
PID 1728 wrote to memory of 1496	1728	03964d230265d3bfbf39cb5ea5234990N.exe	44
PID 2616 wrote to memory of 2184	2616	03964d230265d3bfbf39cb5ea5234990N.exe	45
PID 2616 wrote to memory of 2184	2616	03964d230265d3bfbf39cb5ea5234990N.exe	45
PID 2616 wrote to memory of 2184	2616	03964d230265d3bfbf39cb5ea5234990N.exe	45
PID 2616 wrote to memory of 2184	2616	03964d230265d3bfbf39cb5ea5234990N.exe	45

C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
"C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
  "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2264
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        8⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        8⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        8⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:15820
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        8⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        8⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:14176
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        8⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        8⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:13896
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:8552
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:15252
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:13644
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:11228
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:15788
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:15552
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:13912
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:14040
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:13960
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:7828
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:14024
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:13968
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:15348
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:15976
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:12076
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:8488
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:14916
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:13632
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:7576
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:14200
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:13768
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:11120
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:15512
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:15804
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:13888
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:15268
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:11060
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:7704
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:12020
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:14100
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:8632
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:15284
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:8668
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:15504
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:14184
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:11088
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:3776
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:8600
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:13984
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:4680
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:7236
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:13904
- C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
  "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        8⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        8⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:15276
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:11992
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        7⤵
        
        PID:15576
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:14048
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:14660
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:11880
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:14192
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:852
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:14208
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:12028
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:14084
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:11964
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:14016
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:15244
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:13976
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:860
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:8432
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:13936
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:11100
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:2792
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:4516
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:7400
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:12036
- C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
  "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1696
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:14064
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        6⤵
        
        PID:15592
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:11828
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:14168
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:14092
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:7888
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:14000
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:7436
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:14232
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:14008
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:8352
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:13944
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:6192
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:11872
- C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
  "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:15164
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:11136
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:15796
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
        5⤵
        
        PID:11920
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:12012
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:15536
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:10088
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:15340
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:5728
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:8680
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:15308
- C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
  "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1480
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:7408
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:13652
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:14056
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:5352
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:8576
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:3308
- C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
  "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
  2⤵
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
      "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
      4⤵
      PID:2968
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:5720
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:11804
- C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
  "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
  2⤵
  PID:3580
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:6752
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:11956
- C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
  "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
  2⤵
  PID:4896
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:6556
- - C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
    "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
    3⤵
    PID:11948
- C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
  "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
  2⤵
  PID:7768
- C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe
  "C:\Users\Admin\AppData\Local\Temp\03964d230265d3bfbf39cb5ea5234990N.exe"
  2⤵
  PID:14224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\russian beastiality trambling [free] leather .mpg.exe

Filesize
1.1MB

MD5
54685a80ce27a6b289d0d313591940f9

SHA1
b54af05fe19a8d0b7a275f869636c9f0fdc0c695

SHA256
aac49f74d0d5e866f918b5ab58e4e4f934c6e0b14a64b2792381c14c75877fad

SHA512
a1739f3acbaafded4d6580233b5c6edd686c5c6ead8e58fb3154d49ece42ca03f2c0cfdab9c1c2b3d9d492161c7f3d4711d8a5aed816b9b623e6c84fb91d1bd0

Download Submit