e763b8fa7e75d202dc2ca3a40df4c8ee47a79412715c92faacc982f67c31a8d6

Analysis

max time kernel
25s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 06:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5aa1947b55064cbf345c04a91d044110N.exe
Size

1.6MB
MD5

5aa1947b55064cbf345c04a91d044110
SHA1

dbcceaeede96d07770a0bc7f3387efefa4dbe28a
SHA256

e763b8fa7e75d202dc2ca3a40df4c8ee47a79412715c92faacc982f67c31a8d6
SHA512

c953d0140c4cef82caa8b6fe5291cce6bab2432ee17c348a93cab110ec36c406bb55cad368a959885537c8dc082ad11701c132767e0059a485d827800bcdb1de
SSDEEP

24576:lISjiQBofCloQGc746cI4s2Ce+0oVdPMZK96IYLGjY3Ep8LJft6/gHw5g67Q:OSjiQBpJoI4dCTdPl6LLEEP6/gQf7Q

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1420-0-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/files/0x00070000000167b4-5.dat	upx
behavioral1/memory/1420-54-0x00000000060D0000-0x0000000006126000-memory.dmp	upx
behavioral1/memory/2644-89-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2680-91-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1420-92-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/3004-93-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2672-95-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/3068-94-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2860-96-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2644-97-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1452-99-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2840-100-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1660-102-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2680-101-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/316-104-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1756-105-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/3024-107-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/3032-109-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1504-108-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/3004-106-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2672-111-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/380-112-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2796-114-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2860-113-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2840-116-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1452-115-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1044-118-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1596-119-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1072-117-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/316-120-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1896-122-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2392-121-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1884-124-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1928-123-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/3032-128-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1504-126-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/3024-125-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2796-130-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/380-129-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1044-134-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1072-133-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1896-135-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1884-139-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1928-138-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2176-140-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1944-143-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2484-142-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2212-141-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1476-147-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1660-146-0x0000000005090000-0x00000000050E6000-memory.dmp	upx
behavioral1/memory/2260-144-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2436-145-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2640-154-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2176-161-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2732-153-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/876-160-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1932-159-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2924-157-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/1916-156-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2144-151-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2092-150-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2488-148-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral1/memory/2436-163-0x0000000000400000-0x0000000000456000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	5aa1947b55064cbf345c04a91d044110N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\Q:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\V:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\S:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\U:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\Y:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\N:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\O:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\P:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\R:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\E:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\G:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\K:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\M:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\T:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\W:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\X:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\Z:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\J:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\A:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\B:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\H:	5aa1947b55064cbf345c04a91d044110N.exe
File opened (read-only)	\??\I:	5aa1947b55064cbf345c04a91d044110N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian blowjob kicking [bangbus] feet hotel (Kathrin).zip.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\SysWOW64\FxsTmp\fucking sleeping (Christine,Liz).mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\french gang bang blowjob licking .avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\malaysia lingerie handjob [milf] stockings .zip.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\System32\DriverStore\Temp\handjob nude girls hairy .mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\SysWOW64\IME\shared\indian animal [free] lady .mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\SysWOW64\FxsTmp\gay sleeping boots .zip.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\canadian gay horse hot (!) .avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob xxx girls .rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\SysWOW64\IME\shared\porn lingerie hot (!) titts fishy .mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black beast masturbation .zip.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\bukkake beast full movie .mpeg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\british lingerie sperm masturbation hotel .mpeg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\hardcore kicking catfight cock .zip.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\indian animal voyeur bondage .zip.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Program Files\Windows Journal\Templates\danish horse licking (Sarah).rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\american gay animal sleeping hole .mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\japanese lingerie bukkake several models .avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\blowjob bukkake sleeping latex .rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Program Files (x86)\Google\Temp\hardcore cumshot catfight hairy .avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Program Files (x86)\Google\Update\Download\japanese gang bang action hidden nipples .mpeg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\brasilian horse girls .avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\indian trambling lesbian latex (Sonja).mpeg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\french fetish porn full movie black hairunshaved .mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Program Files\DVD Maker\Shared\xxx fetish [bangbus] glans traffic .rar.exe	5aa1947b55064cbf345c04a91d044110N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\horse public black hairunshaved .avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\tyrkish horse cum licking nipples mistress (Tatjana,Sonja).mpeg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\japanese animal [free] feet granny .avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\blowjob [bangbus] shower .rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\asian gang bang sperm hidden glans .avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\animal masturbation stockings .mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\italian fucking hot (!) .avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\beast voyeur glans sm .rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\porn catfight swallow (Melissa).rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\black fucking handjob masturbation 50+ .rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\american porn several models (Kathrin,Sonja).rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\malaysia gang bang hardcore licking hole sm .mpeg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\beastiality big nipples .rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\fetish trambling voyeur balls .mpeg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\fucking blowjob voyeur latex .mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\german hardcore handjob masturbation fishy (Anniston,Sonja).mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian fetish sleeping boobs tÛ (Jade).avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\blowjob licking .rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\lesbian sperm catfight .mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\swedish beastiality voyeur .zip.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\mssrv.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\animal hardcore sleeping shower (Liz).mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\black xxx lingerie [free] .zip.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\american hardcore uncut blondie .avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\hardcore gang bang several models glans .rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\lesbian xxx [bangbus] .mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\british fetish lesbian titts .mpeg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\gay public feet castration (Melissa,Ashley).rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\SoftwareDistribution\Download\fucking licking glans .rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\canadian horse voyeur shoes .rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\fetish sleeping .rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\brasilian animal [free] hole (Gina).rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\indian handjob lesbian masturbation penetration .rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\tyrkish beastiality voyeur gorgeoushorny .avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\cum kicking public cock latex .avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\beast [milf] mistress (Gina).avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\Downloaded Program Files\british bukkake licking .mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\british lesbian beastiality full movie YEâPSè& .zip.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\japanese gang bang hot (!) feet balls .zip.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\nude fetish [bangbus] titts young .mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\canadian lesbian horse uncut mature .avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\canadian lingerie handjob sleeping cock (Tatjana,Curtney).avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\danish handjob licking feet (Samantha,Ashley).mpeg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\danish beastiality catfight (Jade).zip.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\russian blowjob beastiality hot (!) mistress (Sylvia,Sonja).avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\cum nude public upskirt .avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\japanese horse trambling full movie wifey .mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\russian horse masturbation beautyfull .mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\black fucking masturbation balls (Jenna,Tatjana).zip.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\british blowjob masturbation cock lady .zip.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\fucking blowjob uncut (Janette,Sonja).avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\fetish cumshot licking .mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black action handjob public hole sm .rar.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\asian cum licking cock hotel .mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\action lingerie [free] young .mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\british cumshot lesbian boobs .avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\nude [milf] cock (Sylvia,Samantha).mpeg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse big glans (Janette,Sonja).avi.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\spanish action fucking several models .zip.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\danish beastiality fetish [bangbus] bondage .zip.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\russian fetish [milf] (Melissa).mpg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\gay xxx hidden .mpeg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\lingerie gay several models upskirt (Britney,Kathrin).mpeg.exe	5aa1947b55064cbf345c04a91d044110N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\fetish sperm lesbian cock shoes (Gina,Jenna).mpeg.exe	5aa1947b55064cbf345c04a91d044110N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1420	5aa1947b55064cbf345c04a91d044110N.exe
3068	5aa1947b55064cbf345c04a91d044110N.exe
1420	5aa1947b55064cbf345c04a91d044110N.exe
2644	5aa1947b55064cbf345c04a91d044110N.exe
3068	5aa1947b55064cbf345c04a91d044110N.exe
1420	5aa1947b55064cbf345c04a91d044110N.exe
2680	5aa1947b55064cbf345c04a91d044110N.exe
1660	5aa1947b55064cbf345c04a91d044110N.exe
2644	5aa1947b55064cbf345c04a91d044110N.exe
3004	5aa1947b55064cbf345c04a91d044110N.exe
3068	5aa1947b55064cbf345c04a91d044110N.exe
2672	5aa1947b55064cbf345c04a91d044110N.exe
2860	5aa1947b55064cbf345c04a91d044110N.exe
1420	5aa1947b55064cbf345c04a91d044110N.exe
2680	5aa1947b55064cbf345c04a91d044110N.exe
1452	5aa1947b55064cbf345c04a91d044110N.exe
1660	5aa1947b55064cbf345c04a91d044110N.exe
2840	5aa1947b55064cbf345c04a91d044110N.exe
1596	5aa1947b55064cbf345c04a91d044110N.exe
316	5aa1947b55064cbf345c04a91d044110N.exe
2644	5aa1947b55064cbf345c04a91d044110N.exe
3068	5aa1947b55064cbf345c04a91d044110N.exe
1756	5aa1947b55064cbf345c04a91d044110N.exe
3004	5aa1947b55064cbf345c04a91d044110N.exe
3024	5aa1947b55064cbf345c04a91d044110N.exe
1504	5aa1947b55064cbf345c04a91d044110N.exe
2672	5aa1947b55064cbf345c04a91d044110N.exe
3032	5aa1947b55064cbf345c04a91d044110N.exe
2680	5aa1947b55064cbf345c04a91d044110N.exe
2860	5aa1947b55064cbf345c04a91d044110N.exe
1420	5aa1947b55064cbf345c04a91d044110N.exe
380	5aa1947b55064cbf345c04a91d044110N.exe
1452	5aa1947b55064cbf345c04a91d044110N.exe
2796	5aa1947b55064cbf345c04a91d044110N.exe
1660	5aa1947b55064cbf345c04a91d044110N.exe
1044	5aa1947b55064cbf345c04a91d044110N.exe
1072	5aa1947b55064cbf345c04a91d044110N.exe
1596	5aa1947b55064cbf345c04a91d044110N.exe
2392	5aa1947b55064cbf345c04a91d044110N.exe
3068	5aa1947b55064cbf345c04a91d044110N.exe
3068	5aa1947b55064cbf345c04a91d044110N.exe
1928	5aa1947b55064cbf345c04a91d044110N.exe
1928	5aa1947b55064cbf345c04a91d044110N.exe
2840	5aa1947b55064cbf345c04a91d044110N.exe
2840	5aa1947b55064cbf345c04a91d044110N.exe
1896	5aa1947b55064cbf345c04a91d044110N.exe
1896	5aa1947b55064cbf345c04a91d044110N.exe
1884	5aa1947b55064cbf345c04a91d044110N.exe
1884	5aa1947b55064cbf345c04a91d044110N.exe
2644	5aa1947b55064cbf345c04a91d044110N.exe
2644	5aa1947b55064cbf345c04a91d044110N.exe
2672	5aa1947b55064cbf345c04a91d044110N.exe
2672	5aa1947b55064cbf345c04a91d044110N.exe
1756	5aa1947b55064cbf345c04a91d044110N.exe
1756	5aa1947b55064cbf345c04a91d044110N.exe
2680	5aa1947b55064cbf345c04a91d044110N.exe
2680	5aa1947b55064cbf345c04a91d044110N.exe
316	5aa1947b55064cbf345c04a91d044110N.exe
316	5aa1947b55064cbf345c04a91d044110N.exe
3004	5aa1947b55064cbf345c04a91d044110N.exe
3004	5aa1947b55064cbf345c04a91d044110N.exe
2484	5aa1947b55064cbf345c04a91d044110N.exe
2484	5aa1947b55064cbf345c04a91d044110N.exe
2260	5aa1947b55064cbf345c04a91d044110N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 3068	1420	5aa1947b55064cbf345c04a91d044110N.exe	30
PID 1420 wrote to memory of 3068	1420	5aa1947b55064cbf345c04a91d044110N.exe	30
PID 1420 wrote to memory of 3068	1420	5aa1947b55064cbf345c04a91d044110N.exe	30
PID 1420 wrote to memory of 3068	1420	5aa1947b55064cbf345c04a91d044110N.exe	30
PID 3068 wrote to memory of 2644	3068	5aa1947b55064cbf345c04a91d044110N.exe	31
PID 3068 wrote to memory of 2644	3068	5aa1947b55064cbf345c04a91d044110N.exe	31
PID 3068 wrote to memory of 2644	3068	5aa1947b55064cbf345c04a91d044110N.exe	31
PID 3068 wrote to memory of 2644	3068	5aa1947b55064cbf345c04a91d044110N.exe	31
PID 1420 wrote to memory of 2680	1420	5aa1947b55064cbf345c04a91d044110N.exe	32
PID 1420 wrote to memory of 2680	1420	5aa1947b55064cbf345c04a91d044110N.exe	32
PID 1420 wrote to memory of 2680	1420	5aa1947b55064cbf345c04a91d044110N.exe	32
PID 1420 wrote to memory of 2680	1420	5aa1947b55064cbf345c04a91d044110N.exe	32
PID 2644 wrote to memory of 1660	2644	5aa1947b55064cbf345c04a91d044110N.exe	34
PID 2644 wrote to memory of 1660	2644	5aa1947b55064cbf345c04a91d044110N.exe	34
PID 2644 wrote to memory of 1660	2644	5aa1947b55064cbf345c04a91d044110N.exe	34
PID 2644 wrote to memory of 1660	2644	5aa1947b55064cbf345c04a91d044110N.exe	34
PID 3068 wrote to memory of 3004	3068	5aa1947b55064cbf345c04a91d044110N.exe	35
PID 3068 wrote to memory of 3004	3068	5aa1947b55064cbf345c04a91d044110N.exe	35
PID 3068 wrote to memory of 3004	3068	5aa1947b55064cbf345c04a91d044110N.exe	35
PID 3068 wrote to memory of 3004	3068	5aa1947b55064cbf345c04a91d044110N.exe	35
PID 1420 wrote to memory of 2672	1420	5aa1947b55064cbf345c04a91d044110N.exe	36
PID 1420 wrote to memory of 2672	1420	5aa1947b55064cbf345c04a91d044110N.exe	36
PID 1420 wrote to memory of 2672	1420	5aa1947b55064cbf345c04a91d044110N.exe	36
PID 1420 wrote to memory of 2672	1420	5aa1947b55064cbf345c04a91d044110N.exe	36
PID 2680 wrote to memory of 2860	2680	5aa1947b55064cbf345c04a91d044110N.exe	37
PID 2680 wrote to memory of 2860	2680	5aa1947b55064cbf345c04a91d044110N.exe	37
PID 2680 wrote to memory of 2860	2680	5aa1947b55064cbf345c04a91d044110N.exe	37
PID 2680 wrote to memory of 2860	2680	5aa1947b55064cbf345c04a91d044110N.exe	37
PID 1660 wrote to memory of 1452	1660	5aa1947b55064cbf345c04a91d044110N.exe	38
PID 1660 wrote to memory of 1452	1660	5aa1947b55064cbf345c04a91d044110N.exe	38
PID 1660 wrote to memory of 1452	1660	5aa1947b55064cbf345c04a91d044110N.exe	38
PID 1660 wrote to memory of 1452	1660	5aa1947b55064cbf345c04a91d044110N.exe	38
PID 2644 wrote to memory of 2840	2644	5aa1947b55064cbf345c04a91d044110N.exe	39
PID 2644 wrote to memory of 2840	2644	5aa1947b55064cbf345c04a91d044110N.exe	39
PID 2644 wrote to memory of 2840	2644	5aa1947b55064cbf345c04a91d044110N.exe	39
PID 2644 wrote to memory of 2840	2644	5aa1947b55064cbf345c04a91d044110N.exe	39
PID 3004 wrote to memory of 1596	3004	5aa1947b55064cbf345c04a91d044110N.exe	40
PID 3004 wrote to memory of 1596	3004	5aa1947b55064cbf345c04a91d044110N.exe	40
PID 3004 wrote to memory of 1596	3004	5aa1947b55064cbf345c04a91d044110N.exe	40
PID 3004 wrote to memory of 1596	3004	5aa1947b55064cbf345c04a91d044110N.exe	40
PID 3068 wrote to memory of 316	3068	5aa1947b55064cbf345c04a91d044110N.exe	41
PID 3068 wrote to memory of 316	3068	5aa1947b55064cbf345c04a91d044110N.exe	41
PID 3068 wrote to memory of 316	3068	5aa1947b55064cbf345c04a91d044110N.exe	41
PID 3068 wrote to memory of 316	3068	5aa1947b55064cbf345c04a91d044110N.exe	41
PID 2672 wrote to memory of 1756	2672	5aa1947b55064cbf345c04a91d044110N.exe	42
PID 2672 wrote to memory of 1756	2672	5aa1947b55064cbf345c04a91d044110N.exe	42
PID 2672 wrote to memory of 1756	2672	5aa1947b55064cbf345c04a91d044110N.exe	42
PID 2672 wrote to memory of 1756	2672	5aa1947b55064cbf345c04a91d044110N.exe	42
PID 2680 wrote to memory of 3024	2680	5aa1947b55064cbf345c04a91d044110N.exe	43
PID 2680 wrote to memory of 3024	2680	5aa1947b55064cbf345c04a91d044110N.exe	43
PID 2680 wrote to memory of 3024	2680	5aa1947b55064cbf345c04a91d044110N.exe	43
PID 2680 wrote to memory of 3024	2680	5aa1947b55064cbf345c04a91d044110N.exe	43
PID 1420 wrote to memory of 3032	1420	5aa1947b55064cbf345c04a91d044110N.exe	44
PID 1420 wrote to memory of 3032	1420	5aa1947b55064cbf345c04a91d044110N.exe	44
PID 1420 wrote to memory of 3032	1420	5aa1947b55064cbf345c04a91d044110N.exe	44
PID 1420 wrote to memory of 3032	1420	5aa1947b55064cbf345c04a91d044110N.exe	44
PID 2860 wrote to memory of 1504	2860	5aa1947b55064cbf345c04a91d044110N.exe	45
PID 2860 wrote to memory of 1504	2860	5aa1947b55064cbf345c04a91d044110N.exe	45
PID 2860 wrote to memory of 1504	2860	5aa1947b55064cbf345c04a91d044110N.exe	45
PID 2860 wrote to memory of 1504	2860	5aa1947b55064cbf345c04a91d044110N.exe	45
PID 1452 wrote to memory of 380	1452	5aa1947b55064cbf345c04a91d044110N.exe	46
PID 1452 wrote to memory of 380	1452	5aa1947b55064cbf345c04a91d044110N.exe	46
PID 1452 wrote to memory of 380	1452	5aa1947b55064cbf345c04a91d044110N.exe	46
PID 1452 wrote to memory of 380	1452	5aa1947b55064cbf345c04a91d044110N.exe	46

C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
"C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        9⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        10⤵
        
        PID:17580
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        9⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        9⤵
        
        PID:18072
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        9⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        9⤵
        
        PID:18136
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        9⤵
        
        PID:17960
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        9⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:16076
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:14132
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        9⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:18144
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:17716
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:13968
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        9⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:18204
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:16060
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:14488
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:16100
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:18104
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:19276
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:15388
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:14536
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:16156
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17968
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:14076
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        9⤵
        
        PID:17352
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:19084
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:17272
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:17248
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:14964
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:20128
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17536
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:18368
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:14552
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:15492
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17232
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17764
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:18540
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:15296
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:18048
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17780
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:17160
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:736
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:14980
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:14560
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:15768
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:15412
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17936
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:10784
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:18120
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:19284
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:14204
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:14512
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        9⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:17756
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:17100
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:17952
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:14116
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:15460
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:17588
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:15500
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:17708
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:17992
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17520
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:14496
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:15052
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:18000
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:14148
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:13428
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:17176
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:18024
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17092
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:15648
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:15092
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:14124
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:17564
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:8700
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:14544
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:316
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:9040
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17136
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:14940
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17772
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:15548
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:17192
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:156
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17944
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:14188
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:14004
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:14604
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:14596
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17928
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:16092
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:15564
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:17336
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:18152
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:7932
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:15428
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17700
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:10800
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:18080
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:13336
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:8716
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:14580
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:14996
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:8876
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:17184
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:17264
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:7252
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:15380
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:14480
- C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:17116
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        8⤵
        
        PID:17984
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:17108
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:17504
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:13960
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:16164
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:17528
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:11208
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:17200
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:18056
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17596
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:17320
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17736
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:17256
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:14100
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:9456
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:17124
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:16004
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:18040
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:14248
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:18096
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:15588
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:14920
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:14212
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:15708
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:9464
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:17036
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:18032
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:14020
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:19264
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:15020
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:10832
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:4500
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17512
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:11200
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:13976
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:9728
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:17544
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:17728
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:14196
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:13440
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:8916
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:16012
- C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:18112
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:18008
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:15068
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:17240
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:340
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        7⤵
        
        PID:15444
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:16084
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17744
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:17976
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:16128
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:18016
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:15060
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17168
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:17304
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:14164
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:17028
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:14012
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:17296
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:14588
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:15484
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:17044
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:16020
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:14240
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:13936
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:20136
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:16052
- C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3032
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:18128
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        6⤵
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:15620
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:17404
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:17556
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:10976
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:17420
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:17388
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:14988
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:19196
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:14528
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:15596
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:9160
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:16068
- C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
  2⤵
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
        5⤵
        
        PID:18088
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:660
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:14472
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:8456
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:16872
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:13608
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:10792
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:18064
- C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
  2⤵
  PID:2076
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:9072
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:924
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
      "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
      4⤵
      PID:15612
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:14140
- C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
  2⤵
  PID:4440
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:8236
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:10916
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:19092
- C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
  2⤵
  PID:5448
- - C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
    3⤵
    PID:15076
- C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
  2⤵
  PID:9488
- C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe
  "C:\Users\Admin\AppData\Local\Temp\5aa1947b55064cbf345c04a91d044110N.exe"
  2⤵
  PID:17020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\american gay animal sleeping hole .mpg.exe

Filesize
1.1MB

MD5
6b0a4aff598a11a5f53982e06e16574b

SHA1
712a1d7c40567bd173e6b7d619e27e87ef9d26d7

SHA256
7e6676e833be8f667ec257fda3202914b68d5064c4c55c5421f23fe99adfa790

SHA512
39e283b9d46137119b737627f156c2979e6fe33f68232a12b98f5a1ac3449173efb167ef21cc32bde9b54bc792bec38c12849c930ce204485f37c3706566d1ac

Download Submit
C:\debug.txt

Filesize
183B

MD5
fd9e11754fb3cb4de91aa67bc634e31e

SHA1
63fd71a6f6b5b58e441d3e1e0cf1e427865b1080

SHA256
cd2d1dfe1811c2c22531521b7de9f8391bf0cde9cbb844de5428c89044f00836

SHA512
6fd97346cef5615205508e06e483e6a68d40089cd7ec0c5e7dfe098b5c316875e60baf3922ba3e6097b48bc53d66f8aa510823a2402230da9eafd932e23285d0

Download Submit
memory/316-104-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/316-120-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/340-183-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/380-129-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/380-112-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/536-184-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/736-171-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/876-160-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1044-118-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1044-134-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1072-133-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1072-117-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1420-131-0x00000000060D0000-0x0000000006126000-memory.dmp

Filesize
344KB

Download
memory/1420-149-0x00000000060D0000-0x0000000006126000-memory.dmp

Filesize
344KB

Download
memory/1420-0-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1420-92-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1420-550-0x00000000743B0000-0x00000000743B3000-memory.dmp

Filesize
12KB

Download
memory/1420-90-0x00000000060D0000-0x0000000006126000-memory.dmp

Filesize
344KB

Download
memory/1420-54-0x00000000060D0000-0x0000000006126000-memory.dmp

Filesize
344KB

Download
memory/1452-115-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1452-99-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1476-147-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1504-108-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1504-185-0x0000000004610000-0x0000000004666000-memory.dmp

Filesize
344KB

Download
memory/1504-126-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1596-119-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1652-181-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1660-98-0x0000000004E10000-0x0000000004E66000-memory.dmp

Filesize
344KB

Download
memory/1660-164-0x0000000005090000-0x00000000050E6000-memory.dmp

Filesize
344KB

Download
memory/1660-146-0x0000000005090000-0x00000000050E6000-memory.dmp

Filesize
344KB

Download
memory/1660-102-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1696-177-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1756-105-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1756-127-0x0000000004E30000-0x0000000004E86000-memory.dmp

Filesize
344KB

Download
memory/1884-124-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1884-139-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1896-135-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1896-122-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1916-156-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1928-138-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1928-123-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1928-155-0x0000000004E20000-0x0000000004E76000-memory.dmp

Filesize
344KB

Download
memory/1932-159-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1944-143-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1944-162-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2076-182-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2092-150-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2092-165-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2104-176-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2144-151-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2164-180-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2164-168-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2176-140-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2176-161-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2212-141-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2260-144-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2312-172-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2320-178-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2392-121-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2436-163-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2436-145-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2484-142-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2488-148-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2604-175-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2640-154-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2640-169-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2644-89-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2644-97-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2672-95-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2672-111-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2680-101-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2680-91-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2680-166-0x00000000050B0000-0x0000000005106000-memory.dmp

Filesize
344KB

Download
memory/2732-167-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2732-153-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2796-130-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2796-114-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2840-116-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2840-100-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2840-173-0x0000000004F60000-0x0000000004FB6000-memory.dmp

Filesize
344KB

Download
memory/2860-96-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2860-113-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2860-179-0x0000000004D50000-0x0000000004DA6000-memory.dmp

Filesize
344KB

Download
memory/2908-174-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2924-170-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2924-157-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3004-106-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3004-93-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3024-107-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3024-125-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3024-158-0x0000000004E40000-0x0000000004E96000-memory.dmp

Filesize
344KB

Download
memory/3032-109-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3032-132-0x0000000004E10000-0x0000000004E66000-memory.dmp

Filesize
344KB

Download
memory/3032-128-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3032-152-0x0000000004E10000-0x0000000004E66000-memory.dmp

Filesize
344KB

Download
memory/3068-103-0x00000000050D0000-0x0000000005126000-memory.dmp

Filesize
344KB

Download
memory/3068-94-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download