9cf4e4dfbb67ba2cd7c4d438859277c3a0b98e2968b980264978b1cdf7618f61

Analysis

max time kernel
118s
max time network
87s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 05:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

56a3cdc561f2e417d9e01026d778f3d0N.exe
Size

465KB
MD5

56a3cdc561f2e417d9e01026d778f3d0
SHA1

5d4a55b0e35cee9255b66fc05508676c7f1000cd
SHA256

9cf4e4dfbb67ba2cd7c4d438859277c3a0b98e2968b980264978b1cdf7618f61
SHA512

3f72ec69f8660e9522e7aad88bc8517e634d83f5ccf129a326259ddfb993a487e6061e5b64eed522e1a05676d94214340d9adba1bdbf1a626ea50d6658b8ecea
SSDEEP

12288:bEQoSx0qFM/8jX1kI+RI8lxCRowKD11T0iN33WfJ7:bHM87eI+umxCG1hm7J7

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3028-0-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/files/0x0007000000018bc7-5.dat	upx
behavioral1/memory/552-65-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2080-90-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2396-92-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1080-94-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2792-96-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2596-95-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1920-97-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/772-99-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1720-101-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1972-104-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2084-103-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1632-102-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2824-100-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1880-106-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2964-108-0x00000000050B0000-0x00000000050D9000-memory.dmp	upx
behavioral1/memory/1808-109-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/848-110-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1880-114-0x0000000004DE0000-0x0000000004E09000-memory.dmp	upx
behavioral1/memory/2024-113-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2532-115-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/896-118-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1596-122-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1324-120-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2836-124-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2940-127-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1960-130-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1936-132-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2888-141-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2116-140-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2028-142-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2580-144-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2716-147-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3020-148-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1924-152-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3096-155-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3108-156-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3168-159-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3256-164-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3028-163-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/552-166-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2396-169-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2080-168-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3376-171-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3384-172-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1080-173-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2596-174-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2792-175-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1920-176-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3540-179-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/772-178-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2964-180-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/3608-182-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2824-181-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1632-183-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2084-184-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1972-185-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1880-186-0x0000000000400000-0x0000000000429000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	56a3cdc561f2e417d9e01026d778f3d0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\O:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\P:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\Q:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\Y:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\Z:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\A:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\E:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\G:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\J:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\L:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\M:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\S:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\H:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\T:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\X:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\B:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\K:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\N:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\R:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\U:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\V:	56a3cdc561f2e417d9e01026d778f3d0N.exe
File opened (read-only)	\??\W:	56a3cdc561f2e417d9e01026d778f3d0N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\nude big redhair (Samantha,Sylvia).mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\nude lesbian legs bedroom .mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\malaysia beast lesbian feet swallow (Melissa).zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish bukkake licking (Gina).avi.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\spanish bukkake horse [bangbus] titts .rar.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\gang bang voyeur penetration .mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\nude porn hidden boobs mature .zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\SysWOW64\IME\shared\bukkake [milf] black hairunshaved .mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\danish fucking lesbian girls sm .avi.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\SysWOW64\IME\shared\chinese nude handjob masturbation swallow .mpg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Update\Download\african action catfight .rar.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\italian fetish cumshot sleeping boobs .rar.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\canadian kicking public boobs (Janette,Sarah).mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\action several models hotel (Anniston,Jade).mpg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Program Files\Windows Journal\Templates\beast licking .mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\american beast trambling big cock fishy .mpg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\norwegian lingerie lesbian public .rar.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Program Files (x86)\Google\Temp\black trambling hot (!) mature .zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\fucking lesbian cock gorgeoushorny (Janette,Sylvia).avi.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\african horse [milf] glans latex .mpg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish fucking hidden legs shoes (Samantha).zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\german nude blowjob [milf] titts .zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Program Files\DVD Maker\Shared\indian handjob [milf] .zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\indian nude hidden ash shower .avi.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\japanese action porn licking hotel (Melissa).rar.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\german porn hot (!) feet latex .mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\handjob [milf] hairy (Karin).zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\fucking xxx hot (!) .avi.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\malaysia lesbian porn [bangbus] feet (Sandy).zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\sperm horse several models blondie (Kathrin,Sandy).avi.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\danish nude uncut legs gorgeoushorny .rar.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\spanish blowjob bukkake uncut legs granny (Sylvia,Anniston).mpg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\norwegian nude lingerie uncut blondie (Tatjana).zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\assembly\temp\animal hardcore hot (!) hairy (Melissa).mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\american horse big .avi.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\german beastiality lesbian [milf] high heels .zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\brasilian bukkake [bangbus] ash .mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\InstallTemp\american fucking lingerie uncut shower .mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\gay masturbation hole shoes .zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\cum trambling catfight hole .rar.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\bukkake voyeur vagina ejaculation (Melissa).avi.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\brasilian animal kicking hidden hole bondage .avi.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\porn catfight .avi.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\swedish nude [free] traffic .mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\porn cumshot big shower .zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\tyrkish kicking uncut .mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\russian lingerie fetish voyeur balls .mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\brasilian beastiality lesbian legs (Sandy,Janette).mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\mssrv.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\bukkake blowjob sleeping swallow .mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\russian porn porn several models high heels .mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\american handjob action full movie penetration .avi.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\trambling big stockings .zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\canadian action licking .mpg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\lesbian several models granny .mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\spanish blowjob animal voyeur girly .zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\bukkake full movie nipples young (Janette).avi.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\asian beast big beautyfull .mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\beastiality voyeur .zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\handjob several models bondage .mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\PLA\Templates\german xxx bukkake several models YEâPSè& .avi.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\kicking several models shoes (Sonja).rar.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\russian blowjob girls (Anniston,Karin).mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\cum licking .mpg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\fetish hardcore hot (!) cock .zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\Downloaded Program Files\american fucking [milf] swallow .mpg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\swedish fetish [bangbus] .mpg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\porn kicking public (Jenna,Sonja).mpg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\brasilian cum lesbian (Anniston,Jade).mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\malaysia kicking kicking catfight castration .avi.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\french fetish sleeping circumcision .mpg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\animal sperm lesbian gorgeoushorny (Sarah,Sandy).mpg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\blowjob fetish [milf] .avi.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\gay gang bang catfight mature (Sarah,Britney).rar.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\cumshot [milf] mature (Tatjana,Liz).mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\asian hardcore catfight lady .rar.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\italian sperm girls hole (Liz,Anniston).zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\black bukkake kicking lesbian .rar.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\security\templates\spanish action lesbian catfight vagina .mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\bukkake fucking lesbian 50+ .rar.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\norwegian kicking several models vagina .mpeg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\black kicking uncut .mpg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\british sperm fetish public .zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\action uncut nipples traffic .mpg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\norwegian gay [free] hole lady .zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\black lingerie sleeping feet ìï .mpg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\german handjob masturbation boobs .zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\cumshot public cock .zip.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\nude beastiality licking hole mature (Melissa,Karin).mpg.exe	56a3cdc561f2e417d9e01026d778f3d0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3028	56a3cdc561f2e417d9e01026d778f3d0N.exe
552	56a3cdc561f2e417d9e01026d778f3d0N.exe
3028	56a3cdc561f2e417d9e01026d778f3d0N.exe
2080	56a3cdc561f2e417d9e01026d778f3d0N.exe
2396	56a3cdc561f2e417d9e01026d778f3d0N.exe
552	56a3cdc561f2e417d9e01026d778f3d0N.exe
3028	56a3cdc561f2e417d9e01026d778f3d0N.exe
1080	56a3cdc561f2e417d9e01026d778f3d0N.exe
2596	56a3cdc561f2e417d9e01026d778f3d0N.exe
2792	56a3cdc561f2e417d9e01026d778f3d0N.exe
2080	56a3cdc561f2e417d9e01026d778f3d0N.exe
552	56a3cdc561f2e417d9e01026d778f3d0N.exe
2396	56a3cdc561f2e417d9e01026d778f3d0N.exe
1920	56a3cdc561f2e417d9e01026d778f3d0N.exe
3028	56a3cdc561f2e417d9e01026d778f3d0N.exe
2964	56a3cdc561f2e417d9e01026d778f3d0N.exe
772	56a3cdc561f2e417d9e01026d778f3d0N.exe
1080	56a3cdc561f2e417d9e01026d778f3d0N.exe
1720	56a3cdc561f2e417d9e01026d778f3d0N.exe
2824	56a3cdc561f2e417d9e01026d778f3d0N.exe
2596	56a3cdc561f2e417d9e01026d778f3d0N.exe
1632	56a3cdc561f2e417d9e01026d778f3d0N.exe
2080	56a3cdc561f2e417d9e01026d778f3d0N.exe
2792	56a3cdc561f2e417d9e01026d778f3d0N.exe
2084	56a3cdc561f2e417d9e01026d778f3d0N.exe
552	56a3cdc561f2e417d9e01026d778f3d0N.exe
2396	56a3cdc561f2e417d9e01026d778f3d0N.exe
1972	56a3cdc561f2e417d9e01026d778f3d0N.exe
3028	56a3cdc561f2e417d9e01026d778f3d0N.exe
1880	56a3cdc561f2e417d9e01026d778f3d0N.exe
1920	56a3cdc561f2e417d9e01026d778f3d0N.exe
1572	56a3cdc561f2e417d9e01026d778f3d0N.exe
1808	56a3cdc561f2e417d9e01026d778f3d0N.exe
2964	56a3cdc561f2e417d9e01026d778f3d0N.exe
1444	56a3cdc561f2e417d9e01026d778f3d0N.exe
848	56a3cdc561f2e417d9e01026d778f3d0N.exe
772	56a3cdc561f2e417d9e01026d778f3d0N.exe
2596	56a3cdc561f2e417d9e01026d778f3d0N.exe
1080	56a3cdc561f2e417d9e01026d778f3d0N.exe
708	56a3cdc561f2e417d9e01026d778f3d0N.exe
1300	56a3cdc561f2e417d9e01026d778f3d0N.exe
2000	56a3cdc561f2e417d9e01026d778f3d0N.exe
1612	56a3cdc561f2e417d9e01026d778f3d0N.exe
828	56a3cdc561f2e417d9e01026d778f3d0N.exe
828	56a3cdc561f2e417d9e01026d778f3d0N.exe
2080	56a3cdc561f2e417d9e01026d778f3d0N.exe
2080	56a3cdc561f2e417d9e01026d778f3d0N.exe
2792	56a3cdc561f2e417d9e01026d778f3d0N.exe
2792	56a3cdc561f2e417d9e01026d778f3d0N.exe
2044	56a3cdc561f2e417d9e01026d778f3d0N.exe
2044	56a3cdc561f2e417d9e01026d778f3d0N.exe
1580	56a3cdc561f2e417d9e01026d778f3d0N.exe
1580	56a3cdc561f2e417d9e01026d778f3d0N.exe
2824	56a3cdc561f2e417d9e01026d778f3d0N.exe
2824	56a3cdc561f2e417d9e01026d778f3d0N.exe
960	56a3cdc561f2e417d9e01026d778f3d0N.exe
960	56a3cdc561f2e417d9e01026d778f3d0N.exe
552	56a3cdc561f2e417d9e01026d778f3d0N.exe
552	56a3cdc561f2e417d9e01026d778f3d0N.exe
1720	56a3cdc561f2e417d9e01026d778f3d0N.exe
1720	56a3cdc561f2e417d9e01026d778f3d0N.exe
2396	56a3cdc561f2e417d9e01026d778f3d0N.exe
2396	56a3cdc561f2e417d9e01026d778f3d0N.exe
2540	56a3cdc561f2e417d9e01026d778f3d0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 552	3028	56a3cdc561f2e417d9e01026d778f3d0N.exe	30
PID 3028 wrote to memory of 552	3028	56a3cdc561f2e417d9e01026d778f3d0N.exe	30
PID 3028 wrote to memory of 552	3028	56a3cdc561f2e417d9e01026d778f3d0N.exe	30
PID 3028 wrote to memory of 552	3028	56a3cdc561f2e417d9e01026d778f3d0N.exe	30
PID 552 wrote to memory of 2080	552	56a3cdc561f2e417d9e01026d778f3d0N.exe	31
PID 552 wrote to memory of 2080	552	56a3cdc561f2e417d9e01026d778f3d0N.exe	31
PID 552 wrote to memory of 2080	552	56a3cdc561f2e417d9e01026d778f3d0N.exe	31
PID 552 wrote to memory of 2080	552	56a3cdc561f2e417d9e01026d778f3d0N.exe	31
PID 3028 wrote to memory of 2396	3028	56a3cdc561f2e417d9e01026d778f3d0N.exe	32
PID 3028 wrote to memory of 2396	3028	56a3cdc561f2e417d9e01026d778f3d0N.exe	32
PID 3028 wrote to memory of 2396	3028	56a3cdc561f2e417d9e01026d778f3d0N.exe	32
PID 3028 wrote to memory of 2396	3028	56a3cdc561f2e417d9e01026d778f3d0N.exe	32
PID 2080 wrote to memory of 1080	2080	56a3cdc561f2e417d9e01026d778f3d0N.exe	33
PID 2080 wrote to memory of 1080	2080	56a3cdc561f2e417d9e01026d778f3d0N.exe	33
PID 2080 wrote to memory of 1080	2080	56a3cdc561f2e417d9e01026d778f3d0N.exe	33
PID 2080 wrote to memory of 1080	2080	56a3cdc561f2e417d9e01026d778f3d0N.exe	33
PID 552 wrote to memory of 2596	552	56a3cdc561f2e417d9e01026d778f3d0N.exe	34
PID 552 wrote to memory of 2596	552	56a3cdc561f2e417d9e01026d778f3d0N.exe	34
PID 552 wrote to memory of 2596	552	56a3cdc561f2e417d9e01026d778f3d0N.exe	34
PID 552 wrote to memory of 2596	552	56a3cdc561f2e417d9e01026d778f3d0N.exe	34
PID 2396 wrote to memory of 2792	2396	56a3cdc561f2e417d9e01026d778f3d0N.exe	35
PID 2396 wrote to memory of 2792	2396	56a3cdc561f2e417d9e01026d778f3d0N.exe	35
PID 2396 wrote to memory of 2792	2396	56a3cdc561f2e417d9e01026d778f3d0N.exe	35
PID 2396 wrote to memory of 2792	2396	56a3cdc561f2e417d9e01026d778f3d0N.exe	35
PID 3028 wrote to memory of 1920	3028	56a3cdc561f2e417d9e01026d778f3d0N.exe	36
PID 3028 wrote to memory of 1920	3028	56a3cdc561f2e417d9e01026d778f3d0N.exe	36
PID 3028 wrote to memory of 1920	3028	56a3cdc561f2e417d9e01026d778f3d0N.exe	36
PID 3028 wrote to memory of 1920	3028	56a3cdc561f2e417d9e01026d778f3d0N.exe	36
PID 1080 wrote to memory of 2964	1080	56a3cdc561f2e417d9e01026d778f3d0N.exe	37
PID 1080 wrote to memory of 2964	1080	56a3cdc561f2e417d9e01026d778f3d0N.exe	37
PID 1080 wrote to memory of 2964	1080	56a3cdc561f2e417d9e01026d778f3d0N.exe	37
PID 1080 wrote to memory of 2964	1080	56a3cdc561f2e417d9e01026d778f3d0N.exe	37
PID 2596 wrote to memory of 772	2596	56a3cdc561f2e417d9e01026d778f3d0N.exe	38
PID 2596 wrote to memory of 772	2596	56a3cdc561f2e417d9e01026d778f3d0N.exe	38
PID 2596 wrote to memory of 772	2596	56a3cdc561f2e417d9e01026d778f3d0N.exe	38
PID 2596 wrote to memory of 772	2596	56a3cdc561f2e417d9e01026d778f3d0N.exe	38
PID 2080 wrote to memory of 1720	2080	56a3cdc561f2e417d9e01026d778f3d0N.exe	39
PID 2080 wrote to memory of 1720	2080	56a3cdc561f2e417d9e01026d778f3d0N.exe	39
PID 2080 wrote to memory of 1720	2080	56a3cdc561f2e417d9e01026d778f3d0N.exe	39
PID 2080 wrote to memory of 1720	2080	56a3cdc561f2e417d9e01026d778f3d0N.exe	39
PID 552 wrote to memory of 1632	552	56a3cdc561f2e417d9e01026d778f3d0N.exe	40
PID 552 wrote to memory of 1632	552	56a3cdc561f2e417d9e01026d778f3d0N.exe	40
PID 552 wrote to memory of 1632	552	56a3cdc561f2e417d9e01026d778f3d0N.exe	40
PID 552 wrote to memory of 1632	552	56a3cdc561f2e417d9e01026d778f3d0N.exe	40
PID 2792 wrote to memory of 2824	2792	56a3cdc561f2e417d9e01026d778f3d0N.exe	41
PID 2792 wrote to memory of 2824	2792	56a3cdc561f2e417d9e01026d778f3d0N.exe	41
PID 2792 wrote to memory of 2824	2792	56a3cdc561f2e417d9e01026d778f3d0N.exe	41
PID 2792 wrote to memory of 2824	2792	56a3cdc561f2e417d9e01026d778f3d0N.exe	41
PID 2396 wrote to memory of 2084	2396	56a3cdc561f2e417d9e01026d778f3d0N.exe	42
PID 2396 wrote to memory of 2084	2396	56a3cdc561f2e417d9e01026d778f3d0N.exe	42
PID 2396 wrote to memory of 2084	2396	56a3cdc561f2e417d9e01026d778f3d0N.exe	42
PID 2396 wrote to memory of 2084	2396	56a3cdc561f2e417d9e01026d778f3d0N.exe	42
PID 3028 wrote to memory of 1972	3028	56a3cdc561f2e417d9e01026d778f3d0N.exe	43
PID 3028 wrote to memory of 1972	3028	56a3cdc561f2e417d9e01026d778f3d0N.exe	43
PID 3028 wrote to memory of 1972	3028	56a3cdc561f2e417d9e01026d778f3d0N.exe	43
PID 3028 wrote to memory of 1972	3028	56a3cdc561f2e417d9e01026d778f3d0N.exe	43
PID 1920 wrote to memory of 1880	1920	56a3cdc561f2e417d9e01026d778f3d0N.exe	44
PID 1920 wrote to memory of 1880	1920	56a3cdc561f2e417d9e01026d778f3d0N.exe	44
PID 1920 wrote to memory of 1880	1920	56a3cdc561f2e417d9e01026d778f3d0N.exe	44
PID 1920 wrote to memory of 1880	1920	56a3cdc561f2e417d9e01026d778f3d0N.exe	44
PID 2964 wrote to memory of 1572	2964	56a3cdc561f2e417d9e01026d778f3d0N.exe	45
PID 2964 wrote to memory of 1572	2964	56a3cdc561f2e417d9e01026d778f3d0N.exe	45
PID 2964 wrote to memory of 1572	2964	56a3cdc561f2e417d9e01026d778f3d0N.exe	45
PID 2964 wrote to memory of 1572	2964	56a3cdc561f2e417d9e01026d778f3d0N.exe	45

C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
"C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:552
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        10⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        10⤵
        
        PID:17420
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        10⤵
        
        PID:23820
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:16248
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:23732
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:15080
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:17344
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:23764
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:23644
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:17172
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:20868
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:11332
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:24208
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:17364
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:17448
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:25164
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:25760
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:12940
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:17188
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:25124
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:11044
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:15088
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:13300
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:12992
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:16164
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:23996
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:17304
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:23128
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:25252
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:17204
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:13836
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:16552
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:25380
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:13564
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:20540
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:25584
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:12436
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:708
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:14792
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:17464
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:14240
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:21936
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:17952
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:11892
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:8592
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:11508
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:14868
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:12440
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:772
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:15616
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:25140
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:17440
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:18272
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:23836
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:16240
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:17144
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:11880
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:22764
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:16012
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:14044
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:17252
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:11408
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:22868
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:13948
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:23560
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:22784
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:14068
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:23796
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:16544
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:17180
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:13864
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:23844
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:25236
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:14288
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:25368
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:13520
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:23140
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:9016
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:16256
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:25332
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:17380
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:7532
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:14028
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:11876
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:17288
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:25316
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:25204
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:23168
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:15928
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:23524
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:16308
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:25188
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:23652
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:14700
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:23548
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:8724
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:16212
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:7176
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:23852
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:10028
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:16032
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:11836
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:23772
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:12584
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:10752
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:12116
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:8916
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:16268
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:3324
- C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2396
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        9⤵
        
        PID:21944
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:16500
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:23788
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:18280
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:23184
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:12132
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        8⤵
        
        PID:22564
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:22572
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:22776
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:25244
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:25276
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:16592
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:23540
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:23860
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:18264
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:24892
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:14260
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:13980
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:11400
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:11844
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:12148
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:8700
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:17060
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:19404
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:23620
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:25292
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:17152
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:24408
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:23744
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:14184
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:13504
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:18248
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:9540
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:12216
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:20140
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:13236
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:14224
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:21964
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:9848
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:18240
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:11364
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:24200
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:7180
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:12604
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:1388
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:17100
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:9000
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:16276
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:25148
- C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1920
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        7⤵
        
        PID:16108
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:13660
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:22000
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:18256
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:23828
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:19616
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:23628
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:10988
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:17224
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:16156
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:9596
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:13580
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:23176
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:23932
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:12064
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:25568
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:25324
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:15948
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:9832
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:17960
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:4756
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:7152
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:11804
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:23636
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:14216
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:5856
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:10012
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:17196
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:1304
- C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:16184
      - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        6⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:12700
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:13548
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:22876
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:10484
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:20172
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:13572
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:20548
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:7412
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:13636
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:25196
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:8008
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:14020
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:6640
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:10492
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:17212
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:25156
- C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:960
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:17500
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
        5⤵
        
        PID:21972
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:25556
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:7560
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:15968
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:21952
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:9716
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:17456
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:25172
- C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
  2⤵
  PID:2716
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:13652
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:25576
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:11204
  - - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
      4⤵
      PID:25224
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:10456
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:17488
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:25180
- C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
  2⤵
  PID:4100
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:7836
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:13228
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:23812
- C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
  2⤵
  PID:5256
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:16536
- - C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
    3⤵
    PID:25308
- C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
  2⤵
  PID:8980
- C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe
  "C:\Users\Admin\AppData\Local\Temp\56a3cdc561f2e417d9e01026d778f3d0N.exe"
  2⤵
  PID:17296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\indian nude hidden ash shower .avi.exe

Filesize
1.6MB

MD5
9d866ea977933dc7e83712dd05855c58

SHA1
2549b973dbd73c2fd3028914137a25bc4e32a2b9

SHA256
48694444705328949672bde449d25c46d2f1d1aee2b5a31550989492d3123d8b

SHA512
016e4e070dc881126c2645f848df07915419078eb036df6d89b1ebc5db5fe16fd93c1c0be117b05bf0934b2107e591ce7345d28e6041c1577cc0c401a0363954

Download Submit
memory/552-167-0x0000000004F20000-0x0000000004F49000-memory.dmp

Filesize
164KB

Download
memory/552-65-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/552-166-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/552-138-0x0000000004F30000-0x0000000004F59000-memory.dmp

Filesize
164KB

Download
memory/552-89-0x0000000004F20000-0x0000000004F49000-memory.dmp

Filesize
164KB

Download
memory/708-131-0x0000000004830000-0x0000000004859000-memory.dmp

Filesize
164KB

Download
memory/772-99-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/772-178-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/772-123-0x0000000004940000-0x0000000004969000-memory.dmp

Filesize
164KB

Download
memory/828-139-0x0000000004590000-0x00000000045B9000-memory.dmp

Filesize
164KB

Download
memory/848-110-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/848-125-0x0000000004910000-0x0000000004939000-memory.dmp

Filesize
164KB

Download
memory/896-118-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/960-158-0x00000000045D0000-0x00000000045F9000-memory.dmp

Filesize
164KB

Download
memory/1080-98-0x0000000001DA0000-0x0000000001DC9000-memory.dmp

Filesize
164KB

Download
memory/1080-129-0x00000000045E0000-0x0000000004609000-memory.dmp

Filesize
164KB

Download
memory/1080-173-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1080-94-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1080-177-0x0000000001DA0000-0x0000000001DC9000-memory.dmp

Filesize
164KB

Download
memory/1300-133-0x0000000005070000-0x0000000005099000-memory.dmp

Filesize
164KB

Download
memory/1324-120-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1444-126-0x00000000045E0000-0x0000000004609000-memory.dmp

Filesize
164KB

Download
memory/1572-117-0x0000000001E30000-0x0000000001E59000-memory.dmp

Filesize
164KB

Download
memory/1580-157-0x0000000004BA0000-0x0000000004BC9000-memory.dmp

Filesize
164KB

Download
memory/1596-122-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1632-183-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1632-102-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1632-146-0x0000000004CF0000-0x0000000004D19000-memory.dmp

Filesize
164KB

Download
memory/1720-101-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1720-137-0x0000000005070000-0x0000000005099000-memory.dmp

Filesize
164KB

Download
memory/1808-109-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1808-121-0x00000000046B0000-0x00000000046D9000-memory.dmp

Filesize
164KB

Download
memory/1880-186-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1880-106-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1880-153-0x0000000004DE0000-0x0000000004E09000-memory.dmp

Filesize
164KB

Download
memory/1880-114-0x0000000004DE0000-0x0000000004E09000-memory.dmp

Filesize
164KB

Download
memory/1920-176-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1920-105-0x00000000048F0000-0x0000000004919000-memory.dmp

Filesize
164KB

Download
memory/1920-149-0x0000000004910000-0x0000000004939000-memory.dmp

Filesize
164KB

Download
memory/1920-97-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1924-152-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1936-132-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1960-130-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1972-104-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1972-185-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1972-154-0x0000000004F20000-0x0000000004F49000-memory.dmp

Filesize
164KB

Download
memory/1972-112-0x0000000004F20000-0x0000000004F49000-memory.dmp

Filesize
164KB

Download
memory/2000-134-0x0000000004DE0000-0x0000000004E09000-memory.dmp

Filesize
164KB

Download
memory/2024-113-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2028-142-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2044-151-0x0000000004620000-0x0000000004649000-memory.dmp

Filesize
164KB

Download
memory/2080-135-0x0000000004A70000-0x0000000004A99000-memory.dmp

Filesize
164KB

Download
memory/2080-170-0x00000000047F0000-0x0000000004819000-memory.dmp

Filesize
164KB

Download
memory/2080-93-0x00000000047F0000-0x0000000004819000-memory.dmp

Filesize
164KB

Download
memory/2080-168-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2080-90-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2084-150-0x0000000004F20000-0x0000000004F49000-memory.dmp

Filesize
164KB

Download
memory/2084-103-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2084-184-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2116-140-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2396-143-0x0000000004F40000-0x0000000004F69000-memory.dmp

Filesize
164KB

Download
memory/2396-92-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2396-169-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2532-115-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2540-162-0x0000000004DF0000-0x0000000004E19000-memory.dmp

Filesize
164KB

Download
memory/2580-144-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2596-174-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2596-128-0x0000000004CF0000-0x0000000004D19000-memory.dmp

Filesize
164KB

Download
memory/2596-95-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2716-147-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2792-175-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2792-96-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2824-181-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2824-136-0x0000000005080000-0x00000000050A9000-memory.dmp

Filesize
164KB

Download
memory/2824-100-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2836-124-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2888-141-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2940-127-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2964-108-0x00000000050B0000-0x00000000050D9000-memory.dmp

Filesize
164KB

Download
memory/2964-180-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2964-119-0x00000000050B0000-0x00000000050D9000-memory.dmp

Filesize
164KB

Download
memory/3020-148-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3028-145-0x0000000005130000-0x0000000005159000-memory.dmp

Filesize
164KB

Download
memory/3028-165-0x0000000005130000-0x0000000005159000-memory.dmp

Filesize
164KB

Download
memory/3028-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3028-64-0x0000000005130000-0x0000000005159000-memory.dmp

Filesize
164KB

Download
memory/3028-163-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3028-91-0x0000000005130000-0x0000000005159000-memory.dmp

Filesize
164KB

Download
memory/3096-155-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3108-156-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3168-159-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3256-164-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3376-171-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3384-172-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3540-179-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3608-182-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download