c537669a24dfc0a6d93c2da23a874b12b78bc6ff6ccb92adc648fc94023989c6

Analysis

max time kernel
23s
max time network
110s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fdcff5d7da9977c8404266a30c5c9b0N.exe
Size

565KB
MD5

0fdcff5d7da9977c8404266a30c5c9b0
SHA1

90bcd93b68b09605a883b911e17a40e5c7b7c663
SHA256

c537669a24dfc0a6d93c2da23a874b12b78bc6ff6ccb92adc648fc94023989c6
SHA512

9d1cb81224eeb91dd04228dc8d7f517e95a3805d163e746dad84340a6c9bd1f5ecb73b83463a1656d3bc20c90d28602adf0ddc68399c2db267a9eb63fa6895c4
SSDEEP

12288:A//vi9BpDVjj3zDaBRI12SPF2mtEjQSAI2Gt0JNSdP2onU:2w1dj3aBE2SdNtfBG2OdOoU

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	0fdcff5d7da9977c8404266a30c5c9b0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\H:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\N:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\S:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\Z:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\J:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\M:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\R:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\T:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\V:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\W:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\X:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\G:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\I:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\A:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\B:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\K:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\L:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\O:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\P:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\Q:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\U:	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File opened (read-only)	\??\Y:	0fdcff5d7da9977c8404266a30c5c9b0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\trambling [milf] cock .rar.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\lesbian public cock penetration (Liz).mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\sperm [free] .zip.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\gay [bangbus] glans .rar.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\tyrkish fetish horse girls .avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\System32\DriverStore\Temp\hardcore full movie ejaculation .avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\SysWOW64\IME\shared\danish fetish trambling public cock femdom (Sylvia).avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\SysWOW64\IME\shared\russian horse hardcore public (Karin).mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian animal sperm voyeur balls .zip.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\fucking masturbation feet balls (Jade).rar.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\danish fetish hardcore lesbian feet castration (Sylvia).zip.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Program Files\DVD Maker\Shared\fucking full movie glans castration .mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\italian beastiality bukkake uncut circumcision .mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Program Files\Windows Journal\Templates\black handjob fucking girls girly .avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\danish handjob lingerie hidden .avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\beast hidden castration .avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\blowjob catfight .zip.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\tyrkish beastiality sperm uncut titts shower .rar.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian cumshot fucking licking titts circumcision (Sarah).avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\danish gang bang blowjob voyeur hole (Kathrin,Melissa).zip.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse several models ìï (Anniston,Melissa).zip.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Program Files (x86)\Google\Temp\japanese action lingerie big .mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\tyrkish porn sperm licking feet young .rar.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\japanese horse gay full movie (Melissa).mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\tyrkish handjob lesbian hot (!) .mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\gay masturbation cock traffic .mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\fucking licking titts balls .rar.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\InstallTemp\italian beastiality horse hot (!) shower .rar.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\german gay masturbation redhair .mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\asian xxx [free] cock bedroom .mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\spanish lingerie lesbian shoes .mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\canadian beast licking (Sarah).avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\tyrkish nude beast licking glans .mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\american handjob gay full movie 50+ (Jenna,Janette).mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\danish action sperm licking femdom .mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\american handjob hardcore voyeur castration .avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\black beastiality sperm big (Jade).avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\american beastiality blowjob lesbian ash .mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\blowjob masturbation girly .mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\xxx uncut (Janette).zip.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\american action lesbian catfight mature .mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\tyrkish action beast lesbian .zip.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\spanish fucking public stockings .zip.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\african sperm licking boots (Sandy,Liz).avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian fetish blowjob hidden young .mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\kicking sperm big titts black hairunshaved .zip.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\indian fetish trambling hidden sm (Sandy,Melissa).rar.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\canadian xxx full movie sm (Ashley,Liz).mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\chinese lingerie catfight shower .avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\gay uncut glans ash (Samantha).mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\asian fucking hot (!) shoes .rar.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\russian horse horse licking (Tatjana).zip.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\lingerie girls feet boots .rar.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\british trambling masturbation cock fishy .rar.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\spanish trambling [free] mature .mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\horse uncut glans .mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\lesbian sleeping girly .mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\russian cum bukkake several models feet .mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\Temp\sperm voyeur sm .mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\fetish lingerie [free] YEâPSè& .mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\SoftwareDistribution\Download\horse several models (Jade).mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\african beast girls penetration .avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\french fucking sleeping cock .zip.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\swedish handjob xxx sleeping young .rar.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\xxx several models feet .avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\swedish horse trambling public .mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\beastiality sperm several models glans .avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\xxx [milf] .rar.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\PLA\Templates\brasilian beastiality xxx full movie cock girly .avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\black fetish lingerie girls .avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\russian gang bang trambling sleeping sm .rar.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\assembly\temp\bukkake hot (!) (Liz).zip.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\porn sperm big feet .avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\trambling hot (!) femdom .mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\russian cum fucking catfight .rar.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\lesbian several models glans penetration .avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\xxx [bangbus] hole .zip.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\fucking sleeping (Melissa).mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\canadian lingerie [free] high heels .mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\italian kicking blowjob masturbation pregnant .mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\beast catfight .zip.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\italian beastiality lingerie [bangbus] .mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\tyrkish porn horse girls ejaculation .mpg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\french hardcore masturbation titts .rar.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\assembly\tmp\danish kicking blowjob lesbian (Melissa).mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\beast full movie feet gorgeoushorny (Tatjana).rar.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\asian horse uncut mature .avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\blowjob full movie cock circumcision .mpeg.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\tyrkish horse beast [free] .avi.exe	0fdcff5d7da9977c8404266a30c5c9b0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1640	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2324	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2416	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1640	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2832	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2324	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2804	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2824	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2932	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1640	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2416	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2664	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2704	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2288	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2832	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1268	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2324	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1272	0fdcff5d7da9977c8404266a30c5c9b0N.exe
112	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2804	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1780	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2824	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1104	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1640	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2932	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2416	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2472	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2164	0fdcff5d7da9977c8404266a30c5c9b0N.exe
620	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1080	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2664	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1904	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1748	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2704	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1268	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1952	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2288	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2832	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1520	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2324	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1888	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1980	0fdcff5d7da9977c8404266a30c5c9b0N.exe
344	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1944	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2804	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1664	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1272	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2380	0fdcff5d7da9977c8404266a30c5c9b0N.exe
112	0fdcff5d7da9977c8404266a30c5c9b0N.exe
600	0fdcff5d7da9977c8404266a30c5c9b0N.exe
600	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1780	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1780	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2824	0fdcff5d7da9977c8404266a30c5c9b0N.exe
2824	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1048	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1048	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1104	0fdcff5d7da9977c8404266a30c5c9b0N.exe
1104	0fdcff5d7da9977c8404266a30c5c9b0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 1640	2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe	30
PID 2876 wrote to memory of 1640	2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe	30
PID 2876 wrote to memory of 1640	2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe	30
PID 2876 wrote to memory of 1640	2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe	30
PID 1640 wrote to memory of 2324	1640	0fdcff5d7da9977c8404266a30c5c9b0N.exe	31
PID 1640 wrote to memory of 2324	1640	0fdcff5d7da9977c8404266a30c5c9b0N.exe	31
PID 1640 wrote to memory of 2324	1640	0fdcff5d7da9977c8404266a30c5c9b0N.exe	31
PID 1640 wrote to memory of 2324	1640	0fdcff5d7da9977c8404266a30c5c9b0N.exe	31
PID 2876 wrote to memory of 2416	2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe	32
PID 2876 wrote to memory of 2416	2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe	32
PID 2876 wrote to memory of 2416	2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe	32
PID 2876 wrote to memory of 2416	2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe	32
PID 2324 wrote to memory of 2832	2324	0fdcff5d7da9977c8404266a30c5c9b0N.exe	33
PID 2324 wrote to memory of 2832	2324	0fdcff5d7da9977c8404266a30c5c9b0N.exe	33
PID 2324 wrote to memory of 2832	2324	0fdcff5d7da9977c8404266a30c5c9b0N.exe	33
PID 2324 wrote to memory of 2832	2324	0fdcff5d7da9977c8404266a30c5c9b0N.exe	33
PID 1640 wrote to memory of 2804	1640	0fdcff5d7da9977c8404266a30c5c9b0N.exe	34
PID 1640 wrote to memory of 2804	1640	0fdcff5d7da9977c8404266a30c5c9b0N.exe	34
PID 1640 wrote to memory of 2804	1640	0fdcff5d7da9977c8404266a30c5c9b0N.exe	34
PID 1640 wrote to memory of 2804	1640	0fdcff5d7da9977c8404266a30c5c9b0N.exe	34
PID 2416 wrote to memory of 2824	2416	0fdcff5d7da9977c8404266a30c5c9b0N.exe	35
PID 2416 wrote to memory of 2824	2416	0fdcff5d7da9977c8404266a30c5c9b0N.exe	35
PID 2416 wrote to memory of 2824	2416	0fdcff5d7da9977c8404266a30c5c9b0N.exe	35
PID 2416 wrote to memory of 2824	2416	0fdcff5d7da9977c8404266a30c5c9b0N.exe	35
PID 2876 wrote to memory of 2932	2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe	36
PID 2876 wrote to memory of 2932	2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe	36
PID 2876 wrote to memory of 2932	2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe	36
PID 2876 wrote to memory of 2932	2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe	36
PID 2832 wrote to memory of 2664	2832	0fdcff5d7da9977c8404266a30c5c9b0N.exe	37
PID 2832 wrote to memory of 2664	2832	0fdcff5d7da9977c8404266a30c5c9b0N.exe	37
PID 2832 wrote to memory of 2664	2832	0fdcff5d7da9977c8404266a30c5c9b0N.exe	37
PID 2832 wrote to memory of 2664	2832	0fdcff5d7da9977c8404266a30c5c9b0N.exe	37
PID 2324 wrote to memory of 2704	2324	0fdcff5d7da9977c8404266a30c5c9b0N.exe	38
PID 2324 wrote to memory of 2704	2324	0fdcff5d7da9977c8404266a30c5c9b0N.exe	38
PID 2324 wrote to memory of 2704	2324	0fdcff5d7da9977c8404266a30c5c9b0N.exe	38
PID 2324 wrote to memory of 2704	2324	0fdcff5d7da9977c8404266a30c5c9b0N.exe	38
PID 2804 wrote to memory of 2288	2804	0fdcff5d7da9977c8404266a30c5c9b0N.exe	39
PID 2804 wrote to memory of 2288	2804	0fdcff5d7da9977c8404266a30c5c9b0N.exe	39
PID 2804 wrote to memory of 2288	2804	0fdcff5d7da9977c8404266a30c5c9b0N.exe	39
PID 2804 wrote to memory of 2288	2804	0fdcff5d7da9977c8404266a30c5c9b0N.exe	39
PID 2824 wrote to memory of 1268	2824	0fdcff5d7da9977c8404266a30c5c9b0N.exe	40
PID 2824 wrote to memory of 1268	2824	0fdcff5d7da9977c8404266a30c5c9b0N.exe	40
PID 2824 wrote to memory of 1268	2824	0fdcff5d7da9977c8404266a30c5c9b0N.exe	40
PID 2824 wrote to memory of 1268	2824	0fdcff5d7da9977c8404266a30c5c9b0N.exe	40
PID 1640 wrote to memory of 1272	1640	0fdcff5d7da9977c8404266a30c5c9b0N.exe	41
PID 1640 wrote to memory of 1272	1640	0fdcff5d7da9977c8404266a30c5c9b0N.exe	41
PID 1640 wrote to memory of 1272	1640	0fdcff5d7da9977c8404266a30c5c9b0N.exe	41
PID 1640 wrote to memory of 1272	1640	0fdcff5d7da9977c8404266a30c5c9b0N.exe	41
PID 2932 wrote to memory of 112	2932	0fdcff5d7da9977c8404266a30c5c9b0N.exe	42
PID 2932 wrote to memory of 112	2932	0fdcff5d7da9977c8404266a30c5c9b0N.exe	42
PID 2932 wrote to memory of 112	2932	0fdcff5d7da9977c8404266a30c5c9b0N.exe	42
PID 2932 wrote to memory of 112	2932	0fdcff5d7da9977c8404266a30c5c9b0N.exe	42
PID 2416 wrote to memory of 1780	2416	0fdcff5d7da9977c8404266a30c5c9b0N.exe	43
PID 2416 wrote to memory of 1780	2416	0fdcff5d7da9977c8404266a30c5c9b0N.exe	43
PID 2416 wrote to memory of 1780	2416	0fdcff5d7da9977c8404266a30c5c9b0N.exe	43
PID 2416 wrote to memory of 1780	2416	0fdcff5d7da9977c8404266a30c5c9b0N.exe	43
PID 2876 wrote to memory of 1104	2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe	44
PID 2876 wrote to memory of 1104	2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe	44
PID 2876 wrote to memory of 1104	2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe	44
PID 2876 wrote to memory of 1104	2876	0fdcff5d7da9977c8404266a30c5c9b0N.exe	44
PID 2664 wrote to memory of 2472	2664	0fdcff5d7da9977c8404266a30c5c9b0N.exe	45
PID 2664 wrote to memory of 2472	2664	0fdcff5d7da9977c8404266a30c5c9b0N.exe	45
PID 2664 wrote to memory of 2472	2664	0fdcff5d7da9977c8404266a30c5c9b0N.exe	45
PID 2664 wrote to memory of 2472	2664	0fdcff5d7da9977c8404266a30c5c9b0N.exe	45

C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
"C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1640
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        10⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        10⤵
        
        PID:22792
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        10⤵
        
        PID:16432
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        10⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:19372
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:19396
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:21208
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:22776
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:16724
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:22492
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:18592
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:22768
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:21548
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:22560
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:19476
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:17900
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:22840
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:17908
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:19684
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:21456
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:22416
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:22832
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:20872
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:22544
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:19484
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19732
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:21384
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:17884
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:22080
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:21352
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19156
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:19116
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:21400
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:19340
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19644
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22272
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22696
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:20384
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:15028
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:22280
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:17932
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:19572
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19820
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:21272
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:21432
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:21636
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:22584
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22824
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:17916
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:21320
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:21224
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22352
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:12740
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:21368
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19452
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22468
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22688
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:21956
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:21448
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:22460
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:21524
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:21344
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:16424
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:19540
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:21392
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:14560
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:22308
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:21424
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:12788
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:21360
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:12780
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:22592
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:22120
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:16532
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:22204
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22404
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:15764
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:20820
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:23048
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:22316
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:15120
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:620
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:22744
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:21408
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:15912
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:19444
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:22800
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:22664
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:22136
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:22112
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19516
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:12760
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:21328
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:22712
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:20864
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:22524
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:15820
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:21288
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:15084
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:21876
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:7180
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:21240
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19356
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:21304
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:19708
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:20836
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:15796
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:17924
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:12816
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:12992
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22680
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:20804
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:19524
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22288
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:21556
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:19724
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:22104
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:22188
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:21888
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19420
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:19652
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19348
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19508
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22856
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:22220
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:21904
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:19676
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:19500
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:11036
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:19620
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:12192
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:17940
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:19892
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:15828
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22752
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:15920
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:21416
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22516
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:22632
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:19628
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:15020
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:19564
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:11144
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:22816
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:22576
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:12832
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:22784
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:9820
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:6216
- C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:22568
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:21740
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:22072
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        9⤵
        
        PID:20812
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:14480
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:22640
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:22228
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:14524
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:21440
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:15096
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:19308
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:21312
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19700
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22212
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:22720
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:21480
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:17876
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19412
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:21604
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:21128
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:19324
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19636
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19668
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22600
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:22848
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19380
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22736
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:19124
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:15072
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19468
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:10932
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:7396
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:11268
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:7424
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:19716
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:9356
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:15788
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:21972
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22616
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19316
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:7392
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:22196
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:14504
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:19404
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:11184
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:19532
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:21232
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:11044
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:23032
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:12088
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:9064
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:15836
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:600
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:20544
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22096
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:22624
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:12840
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:22864
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:21508
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:23040
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:19492
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:11192
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:21280
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:19436
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:12732
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:19692
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:12956
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:22656
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:9772
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:6140
- C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:112
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:21696
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:21336
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:19332
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:21472
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:18568
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        8⤵
        
        PID:19904
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:21540
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:21248
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22608
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:11648
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:21488
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:14568
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:22648
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:19548
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22364
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:21496
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:12652
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22128
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:21532
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:9248
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:22088
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        7⤵
        
        PID:22508
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:14460
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:19388
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:21256
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:19460
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:11020
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:19660
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:21516
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:22476
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:22500
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:15128
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:11224
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:21296
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:7752
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:10612
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:22760
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:12972
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:22704
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:9828
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:20848
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:6352
- C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1104
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:780
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:19556
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:10948
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:22552
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:10988
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:22872
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:21376
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:9212
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:2928
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:14468
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:7228
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:11200
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:20856
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:21264
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:8032
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:15104
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:15772
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:9836
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:22672
- C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1048
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        6⤵
        
        PID:19364
    - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
        5⤵
        
        PID:22484
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:7296
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:11120
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:6664
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:7920
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:12584
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:21464
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:13072
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:22536
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:9812
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:20828
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:21140
- C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
  2⤵
  PID:3080
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:9112
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:15804
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:7196
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:11012
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:7592
- C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
  2⤵
  PID:4380
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:7636
  - - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
      "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
      4⤵
      PID:19428
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:12824
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:22808
- C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
  2⤵
  PID:6508
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:12724
- - C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
    3⤵
    PID:18776
- C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
  2⤵
  PID:9740
- C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe
  "C:\Users\Admin\AppData\Local\Temp\0fdcff5d7da9977c8404266a30c5c9b0N.exe"
  2⤵
  PID:17892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\russian cumshot fucking licking titts circumcision (Sarah).avi.exe

Filesize
151KB

MD5
e6b7c230f157d5d28b48c68cdde939d1

SHA1
fa46eb362beb69f0c8f90c839d8af78072775304

SHA256
7526c18eeb6dfb628ae3f06e889c150d9a3ebfab087c111bba1362c6eed9ba16

SHA512
8e447d6b17b37c02c5b837a1c9eec492211ff33c32cab79b91f72417fa50287771c90c2ac9e6358c16fad6f7226b625606d73f0191d674e65427305fa6126133

Download Submit
C:\debug.txt

Filesize
183B

MD5
cf6e86b6dafb9e24e51c6673c72a5e45

SHA1
698bf8e22d43342a25521dd04422e96a2e381044

SHA256
6632fdc988c647d7db715e069a5fb1a5db8dc4769119d3ff7e872c3d83a89163

SHA512
16b60d221c63e8047158a0b6a492e8cf3259e5f1d4e96b851c4b1d1b15c3072b8a8f1bdb4d75d2de59273e50e205e3b965e8dc583603fcbb8ba2839d73f902df

Download Submit