632a93c0aa21835c559c8ab3f37235cec56af61719cbb37e115ecd822bcfdbb3

Analysis

max time kernel
18s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f303074b9e3f955524c3b47d7eb0bb70N.exe
Size

920KB
MD5

f303074b9e3f955524c3b47d7eb0bb70
SHA1

9ded5078c914a3d617237d3c7178aed75b16af04
SHA256

632a93c0aa21835c559c8ab3f37235cec56af61719cbb37e115ecd822bcfdbb3
SHA512

290601268fddc17d0706a1774db08d959e997634fd18bc06e4175854dd0a268b662a5b5b31d7633e3d3fb695bbcefb204aec35bf9fa02ad55b15f1ce609d6ed1
SSDEEP

24576:2wORH9uFgGf2w6qOkZOrHKhKq0pvhljvilP5cz:h6uFFf26dAk0pvhlvilPyz

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	f303074b9e3f955524c3b47d7eb0bb70N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\P:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\B:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\E:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\H:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\J:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\K:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\L:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\X:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\Y:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\I:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\S:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\V:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\N:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\O:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\Q:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\R:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\U:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\W:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\A:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\G:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\T:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\Z:	f303074b9e3f955524c3b47d7eb0bb70N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\xxx uncut blondie (Sonja,Melissa).mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian action beast voyeur beautyfull (Jenna,Samantha).rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SysWOW64\IME\shared\swedish cumshot fucking girls glans fishy (Samantha).mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\russian gang bang bukkake [milf] .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian porn beast [bangbus] (Sarah).mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SysWOW64\FxsTmp\american horse xxx girls ìï .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish beastiality sperm masturbation wifey .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\System32\DriverStore\Temp\lesbian public feet .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\american beastiality bukkake sleeping cock lady .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SysWOW64\IME\shared\tyrkish animal lesbian several models (Liz).avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\italian fetish gay big glans .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\xxx [bangbus] .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\american cum horse several models titts swallow (Tatjana).mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\trambling voyeur feet gorgeoushorny .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\lesbian uncut boots .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese cum lesbian [bangbus] feet .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\blowjob [free] gorgeoushorny .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files\Windows Journal\Templates\fucking big bondage (Anniston,Jade).zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\tyrkish gang bang lingerie sleeping granny .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Google\Temp\xxx lesbian glans .rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Google\Update\Download\xxx big .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files\DVD Maker\Shared\russian cum beast voyeur .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\fucking public cock penetration .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\beast [free] YEâPSè& (Sonja,Jade).zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\german sperm hidden .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe

Drops file in Windows directory 32 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\italian gang bang horse [bangbus] titts shoes (Sarah).mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\black action beast big bondage .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\lingerie several models mistress (Christine,Curtney).mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\temp\fucking public hole blondie .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\japanese fetish trambling girls ash .rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\fucking [bangbus] feet ash .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\sperm catfight bondage .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\tyrkish cum blowjob hidden feet redhair .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish porn sperm [free] hole .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\danish cum hardcore catfight .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\trambling licking Ôë .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\swedish horse sperm girls cock .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\hardcore masturbation .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\Downloaded Program Files\japanese action bukkake [bangbus] hole bondage (Tatjana).zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\tyrkish fetish lesbian [bangbus] shoes .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\security\templates\japanese nude horse hot (!) titts young .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\indian horse blowjob hidden cock sm .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\sperm several models pregnant .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\italian animal trambling catfight hole shoes (Melissa).mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\tyrkish handjob sperm big cock wifey .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\japanese action trambling sleeping .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian porn sperm girls (Liz).zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\italian horse sperm hot (!) cock .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\american beastiality xxx girls titts .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SoftwareDistribution\Download\swedish cumshot fucking full movie titts high heels (Janette).mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian cum hardcore girls feet upskirt .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\black action beast girls ash (Gina,Tatjana).zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\swedish beastiality beast big ash (Ashley,Janette).mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\mssrv.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\american porn trambling catfight boots .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\PLA\Templates\lesbian hot (!) titts high heels .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\tmp\fucking several models feet leather .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2816	f303074b9e3f955524c3b47d7eb0bb70N.exe
2788	f303074b9e3f955524c3b47d7eb0bb70N.exe
2816	f303074b9e3f955524c3b47d7eb0bb70N.exe
2616	f303074b9e3f955524c3b47d7eb0bb70N.exe
2788	f303074b9e3f955524c3b47d7eb0bb70N.exe
1900	f303074b9e3f955524c3b47d7eb0bb70N.exe
2816	f303074b9e3f955524c3b47d7eb0bb70N.exe
1992	f303074b9e3f955524c3b47d7eb0bb70N.exe
2788	f303074b9e3f955524c3b47d7eb0bb70N.exe
1988	f303074b9e3f955524c3b47d7eb0bb70N.exe
2964	f303074b9e3f955524c3b47d7eb0bb70N.exe
2616	f303074b9e3f955524c3b47d7eb0bb70N.exe
1900	f303074b9e3f955524c3b47d7eb0bb70N.exe
1612	f303074b9e3f955524c3b47d7eb0bb70N.exe
2816	f303074b9e3f955524c3b47d7eb0bb70N.exe
2616	f303074b9e3f955524c3b47d7eb0bb70N.exe
2896	f303074b9e3f955524c3b47d7eb0bb70N.exe
2920	f303074b9e3f955524c3b47d7eb0bb70N.exe
2788	f303074b9e3f955524c3b47d7eb0bb70N.exe
1992	f303074b9e3f955524c3b47d7eb0bb70N.exe
1900	f303074b9e3f955524c3b47d7eb0bb70N.exe
2900	f303074b9e3f955524c3b47d7eb0bb70N.exe
2372	f303074b9e3f955524c3b47d7eb0bb70N.exe
1196	f303074b9e3f955524c3b47d7eb0bb70N.exe
1988	f303074b9e3f955524c3b47d7eb0bb70N.exe
2816	f303074b9e3f955524c3b47d7eb0bb70N.exe
1772	f303074b9e3f955524c3b47d7eb0bb70N.exe
2172	f303074b9e3f955524c3b47d7eb0bb70N.exe
544	f303074b9e3f955524c3b47d7eb0bb70N.exe
1612	f303074b9e3f955524c3b47d7eb0bb70N.exe
2964	f303074b9e3f955524c3b47d7eb0bb70N.exe
2216	f303074b9e3f955524c3b47d7eb0bb70N.exe
2616	f303074b9e3f955524c3b47d7eb0bb70N.exe
2788	f303074b9e3f955524c3b47d7eb0bb70N.exe
1992	f303074b9e3f955524c3b47d7eb0bb70N.exe
1464	f303074b9e3f955524c3b47d7eb0bb70N.exe
2260	f303074b9e3f955524c3b47d7eb0bb70N.exe
2340	f303074b9e3f955524c3b47d7eb0bb70N.exe
2120	f303074b9e3f955524c3b47d7eb0bb70N.exe
1900	f303074b9e3f955524c3b47d7eb0bb70N.exe
2896	f303074b9e3f955524c3b47d7eb0bb70N.exe
2180	f303074b9e3f955524c3b47d7eb0bb70N.exe
1892	f303074b9e3f955524c3b47d7eb0bb70N.exe
1044	f303074b9e3f955524c3b47d7eb0bb70N.exe
2484	f303074b9e3f955524c3b47d7eb0bb70N.exe
2816	f303074b9e3f955524c3b47d7eb0bb70N.exe
1988	f303074b9e3f955524c3b47d7eb0bb70N.exe
1612	f303074b9e3f955524c3b47d7eb0bb70N.exe
2964	f303074b9e3f955524c3b47d7eb0bb70N.exe
1800	f303074b9e3f955524c3b47d7eb0bb70N.exe
1800	f303074b9e3f955524c3b47d7eb0bb70N.exe
1288	f303074b9e3f955524c3b47d7eb0bb70N.exe
1288	f303074b9e3f955524c3b47d7eb0bb70N.exe
1468	f303074b9e3f955524c3b47d7eb0bb70N.exe
1468	f303074b9e3f955524c3b47d7eb0bb70N.exe
1516	f303074b9e3f955524c3b47d7eb0bb70N.exe
1516	f303074b9e3f955524c3b47d7eb0bb70N.exe
2920	f303074b9e3f955524c3b47d7eb0bb70N.exe
2920	f303074b9e3f955524c3b47d7eb0bb70N.exe
1960	f303074b9e3f955524c3b47d7eb0bb70N.exe
1960	f303074b9e3f955524c3b47d7eb0bb70N.exe
1616	f303074b9e3f955524c3b47d7eb0bb70N.exe
1616	f303074b9e3f955524c3b47d7eb0bb70N.exe
2900	f303074b9e3f955524c3b47d7eb0bb70N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2788	2816	f303074b9e3f955524c3b47d7eb0bb70N.exe	30
PID 2816 wrote to memory of 2788	2816	f303074b9e3f955524c3b47d7eb0bb70N.exe	30
PID 2816 wrote to memory of 2788	2816	f303074b9e3f955524c3b47d7eb0bb70N.exe	30
PID 2816 wrote to memory of 2788	2816	f303074b9e3f955524c3b47d7eb0bb70N.exe	30
PID 2788 wrote to memory of 2616	2788	f303074b9e3f955524c3b47d7eb0bb70N.exe	31
PID 2788 wrote to memory of 2616	2788	f303074b9e3f955524c3b47d7eb0bb70N.exe	31
PID 2788 wrote to memory of 2616	2788	f303074b9e3f955524c3b47d7eb0bb70N.exe	31
PID 2788 wrote to memory of 2616	2788	f303074b9e3f955524c3b47d7eb0bb70N.exe	31
PID 2816 wrote to memory of 1900	2816	f303074b9e3f955524c3b47d7eb0bb70N.exe	32
PID 2816 wrote to memory of 1900	2816	f303074b9e3f955524c3b47d7eb0bb70N.exe	32
PID 2816 wrote to memory of 1900	2816	f303074b9e3f955524c3b47d7eb0bb70N.exe	32
PID 2816 wrote to memory of 1900	2816	f303074b9e3f955524c3b47d7eb0bb70N.exe	32
PID 2788 wrote to memory of 1988	2788	f303074b9e3f955524c3b47d7eb0bb70N.exe	33
PID 2788 wrote to memory of 1988	2788	f303074b9e3f955524c3b47d7eb0bb70N.exe	33
PID 2788 wrote to memory of 1988	2788	f303074b9e3f955524c3b47d7eb0bb70N.exe	33
PID 2788 wrote to memory of 1988	2788	f303074b9e3f955524c3b47d7eb0bb70N.exe	33
PID 2616 wrote to memory of 1992	2616	f303074b9e3f955524c3b47d7eb0bb70N.exe	34
PID 2616 wrote to memory of 1992	2616	f303074b9e3f955524c3b47d7eb0bb70N.exe	34
PID 2616 wrote to memory of 1992	2616	f303074b9e3f955524c3b47d7eb0bb70N.exe	34
PID 2616 wrote to memory of 1992	2616	f303074b9e3f955524c3b47d7eb0bb70N.exe	34
PID 1900 wrote to memory of 2964	1900	f303074b9e3f955524c3b47d7eb0bb70N.exe	35
PID 1900 wrote to memory of 2964	1900	f303074b9e3f955524c3b47d7eb0bb70N.exe	35
PID 1900 wrote to memory of 2964	1900	f303074b9e3f955524c3b47d7eb0bb70N.exe	35
PID 1900 wrote to memory of 2964	1900	f303074b9e3f955524c3b47d7eb0bb70N.exe	35
PID 2816 wrote to memory of 1612	2816	f303074b9e3f955524c3b47d7eb0bb70N.exe	36
PID 2816 wrote to memory of 1612	2816	f303074b9e3f955524c3b47d7eb0bb70N.exe	36
PID 2816 wrote to memory of 1612	2816	f303074b9e3f955524c3b47d7eb0bb70N.exe	36
PID 2816 wrote to memory of 1612	2816	f303074b9e3f955524c3b47d7eb0bb70N.exe	36
PID 2788 wrote to memory of 2896	2788	f303074b9e3f955524c3b47d7eb0bb70N.exe	37
PID 2788 wrote to memory of 2896	2788	f303074b9e3f955524c3b47d7eb0bb70N.exe	37
PID 2788 wrote to memory of 2896	2788	f303074b9e3f955524c3b47d7eb0bb70N.exe	37
PID 2788 wrote to memory of 2896	2788	f303074b9e3f955524c3b47d7eb0bb70N.exe	37
PID 1992 wrote to memory of 2900	1992	f303074b9e3f955524c3b47d7eb0bb70N.exe	38
PID 1992 wrote to memory of 2900	1992	f303074b9e3f955524c3b47d7eb0bb70N.exe	38
PID 1992 wrote to memory of 2900	1992	f303074b9e3f955524c3b47d7eb0bb70N.exe	38
PID 1992 wrote to memory of 2900	1992	f303074b9e3f955524c3b47d7eb0bb70N.exe	38
PID 2616 wrote to memory of 2920	2616	f303074b9e3f955524c3b47d7eb0bb70N.exe	39
PID 2616 wrote to memory of 2920	2616	f303074b9e3f955524c3b47d7eb0bb70N.exe	39
PID 2616 wrote to memory of 2920	2616	f303074b9e3f955524c3b47d7eb0bb70N.exe	39
PID 2616 wrote to memory of 2920	2616	f303074b9e3f955524c3b47d7eb0bb70N.exe	39
PID 1900 wrote to memory of 2372	1900	f303074b9e3f955524c3b47d7eb0bb70N.exe	40
PID 1900 wrote to memory of 2372	1900	f303074b9e3f955524c3b47d7eb0bb70N.exe	40
PID 1900 wrote to memory of 2372	1900	f303074b9e3f955524c3b47d7eb0bb70N.exe	40
PID 1900 wrote to memory of 2372	1900	f303074b9e3f955524c3b47d7eb0bb70N.exe	40
PID 2816 wrote to memory of 1772	2816	f303074b9e3f955524c3b47d7eb0bb70N.exe	41
PID 2816 wrote to memory of 1772	2816	f303074b9e3f955524c3b47d7eb0bb70N.exe	41
PID 2816 wrote to memory of 1772	2816	f303074b9e3f955524c3b47d7eb0bb70N.exe	41
PID 2816 wrote to memory of 1772	2816	f303074b9e3f955524c3b47d7eb0bb70N.exe	41
PID 1988 wrote to memory of 1196	1988	f303074b9e3f955524c3b47d7eb0bb70N.exe	42
PID 1988 wrote to memory of 1196	1988	f303074b9e3f955524c3b47d7eb0bb70N.exe	42
PID 1988 wrote to memory of 1196	1988	f303074b9e3f955524c3b47d7eb0bb70N.exe	42
PID 1988 wrote to memory of 1196	1988	f303074b9e3f955524c3b47d7eb0bb70N.exe	42
PID 1612 wrote to memory of 2172	1612	f303074b9e3f955524c3b47d7eb0bb70N.exe	43
PID 1612 wrote to memory of 2172	1612	f303074b9e3f955524c3b47d7eb0bb70N.exe	43
PID 1612 wrote to memory of 2172	1612	f303074b9e3f955524c3b47d7eb0bb70N.exe	43
PID 1612 wrote to memory of 2172	1612	f303074b9e3f955524c3b47d7eb0bb70N.exe	43
PID 2964 wrote to memory of 544	2964	f303074b9e3f955524c3b47d7eb0bb70N.exe	44
PID 2964 wrote to memory of 544	2964	f303074b9e3f955524c3b47d7eb0bb70N.exe	44
PID 2964 wrote to memory of 544	2964	f303074b9e3f955524c3b47d7eb0bb70N.exe	44
PID 2964 wrote to memory of 544	2964	f303074b9e3f955524c3b47d7eb0bb70N.exe	44
PID 2616 wrote to memory of 1464	2616	f303074b9e3f955524c3b47d7eb0bb70N.exe	45
PID 2616 wrote to memory of 1464	2616	f303074b9e3f955524c3b47d7eb0bb70N.exe	45
PID 2616 wrote to memory of 1464	2616	f303074b9e3f955524c3b47d7eb0bb70N.exe	45
PID 2616 wrote to memory of 1464	2616	f303074b9e3f955524c3b47d7eb0bb70N.exe	45

C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
"C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2788
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        8⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        8⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        8⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:10644
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        8⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:676
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:924
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9288
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:8884
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        8⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:8648
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9000
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:8980
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10652
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8964
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:10956
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8876
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10604
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:4660
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:10724
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9248
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8828
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:10528
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:9240
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:8812
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:4372
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:8804
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1900
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:544
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10596
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8664
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8616
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:10676
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10572
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10564
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:10620
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8868
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:8740
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:10468
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:10992
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:4576
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:8780
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1612
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9360
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9336
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:8940
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10612
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:8772
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:8892
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:6328
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:9264
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:8732
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:8836
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1772
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:8796
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:8748
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:3916
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:6448
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1892
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:10580
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:9616
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:9328
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:8700
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:4428
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:5680
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:8708
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  PID:3684
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:6048
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:10544
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  PID:5532
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  PID:10660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\italian fetish gay big glans .avi.exe

Filesize
843KB

MD5
0b3c599eb85bee019d4b980a94284549

SHA1
773373cef9b98f5436cdb26daf78a7c8b7b35aaf

SHA256
99b0dea431db9d726de6f51c7871edfc36d493db11d372bfd8164cc3e163a3b7

SHA512
773f4eb9b4447a2869290935ca601e34c73ebc694149d120f57ded2f29e151e268be08addd5c8a722bd23daccb47a35996d06254049966d32fa22a87b61e2593

Download Submit