ffc9c7c42257085bfc357166af588afe87210dc1da64490832db27919bdc7504

Analysis

max time kernel
28s
max time network
87s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87703ea84056a117f07ce15aab3bda00N.exe
Size

91KB
MD5

87703ea84056a117f07ce15aab3bda00
SHA1

30dba80dcf19bb99e635bfb455996671890d026b
SHA256

ffc9c7c42257085bfc357166af588afe87210dc1da64490832db27919bdc7504
SHA512

99e987040b9d9f7bedc84459ee0a66238001c03a9ab00ed78291b86f5805395205e0a83ed3df0ed074838de034cb31f7065e4173256132f4ba8f8591d4a9afe7
SSDEEP

1536:dS2vOUHVOKZWwrgdGPiiv9vgmh7vfaOe/pwFquLFUTQnN3R9M5WLiVwt3B7H:djzhZWxivgmhbI/pqqsFUCN3R9MI+QB

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	87703ea84056a117f07ce15aab3bda00N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\L:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\M:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\U:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\A:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\N:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\Q:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\V:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\W:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\Z:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\B:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\O:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\T:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\H:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\G:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\I:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\K:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\P:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\R:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\S:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\X:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\E:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\Y:	87703ea84056a117f07ce15aab3bda00N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\japanese animal blowjob hot (!) hairy .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SysWOW64\IME\shared\italian horse horse public (Liz).mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\danish cum gay several models granny .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\System32\DriverStore\Temp\horse voyeur ash (Sandy,Melissa).mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SysWOW64\FxsTmp\gang bang beast girls (Melissa).rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\hardcore voyeur feet mistress .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish animal beast catfight cock traffic (Karin).zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse hot (!) glans ash (Samantha).rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish animal bukkake [free] redhair .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SysWOW64\IME\shared\brasilian nude fucking [free] (Curtney).mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\brasilian fetish trambling public hole .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\blowjob uncut femdom .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files\Windows Journal\Templates\japanese gang bang hardcore uncut feet ejaculation .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\xxx big hole hairy (Curtney).zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\lingerie masturbation (Curtney).mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\indian kicking horse masturbation titts stockings .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\japanese kicking trambling sleeping blondie .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files\DVD Maker\Shared\horse several models .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Google\Temp\italian animal trambling full movie stockings .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Google\Update\Download\italian fetish bukkake several models .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\american horse beast full movie titts bedroom (Jade).avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\hardcore hot (!) swallow .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\american nude trambling masturbation titts .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\blowjob girls glans mature .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\xxx [milf] feet traffic .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\italian porn lesbian big redhair .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\malaysia gay girls YEâPSè& .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\handjob blowjob several models titts .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\canadian lingerie sleeping (Sarah).zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\hardcore lesbian shoes .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\indian horse beast girls glans stockings .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\bukkake masturbation feet 40+ (Samantha).zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\black animal horse voyeur (Samantha).rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\blowjob lesbian cock balls .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\danish fetish bukkake hot (!) feet (Kathrin,Tatjana).mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\security\templates\black kicking hardcore several models hole gorgeoushorny .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SoftwareDistribution\Download\lesbian voyeur (Sarah).zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\russian porn bukkake hot (!) sweet .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\horse hardcore [bangbus] shower (Anniston,Karin).rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\malaysia beast licking (Sylvia).rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\assembly\temp\trambling [free] glans hairy .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\xxx full movie .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\british sperm girls titts young .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\canadian xxx voyeur (Melissa).mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\gang bang bukkake [bangbus] .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\swedish action trambling catfight .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\malaysia lesbian public stockings .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\italian cum sperm voyeur .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\horse horse voyeur (Liz).rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\kicking xxx full movie feet black hairunshaved .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\animal horse full movie black hairunshaved .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\brasilian porn beast big feet .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\brasilian cumshot bukkake voyeur .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\russian fetish xxx big hole stockings .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\black action beast [free] titts balls .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\black kicking sperm several models latex .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\norwegian sperm full movie (Sylvia).avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\african beast hot (!) .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\german fucking big wifey .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\norwegian fucking [milf] ejaculation .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\beastiality gay lesbian mature .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\japanese fetish fucking licking castration .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\swedish gang bang lesbian catfight pregnant .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\horse xxx [milf] traffic (Jenna,Janette).zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\indian nude horse masturbation boots .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\bukkake hidden 50+ .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\lingerie licking cock black hairunshaved (Curtney).rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\black action trambling big .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\gay sleeping hotel (Gina,Samantha).mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\horse blowjob [bangbus] feet bondage .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\action fucking girls .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\beast catfight upskirt (Sandy,Tatjana).mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\porn lesbian sleeping upskirt .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\russian handjob hardcore masturbation .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\black gang bang lingerie catfight hole circumcision (Melissa).avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\canadian trambling lesbian cock black hairunshaved .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\Downloaded Program Files\blowjob masturbation beautyfull .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\black horse xxx [free] glans .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\norwegian bukkake big pregnant .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\italian cum lingerie masturbation .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\swedish kicking fucking masturbation sm .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\norwegian blowjob big sweet (Jenna,Janette).zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\brasilian cumshot horse hidden boots .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\french gay full movie sm .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\porn beast catfight hole .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\russian cum lesbian hot (!) feet .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\gang bang fucking [free] 40+ .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\blowjob [milf] hole stockings (Jade).zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\porn hardcore several models gorgeoushorny .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2316	87703ea84056a117f07ce15aab3bda00N.exe
2840	87703ea84056a117f07ce15aab3bda00N.exe
2316	87703ea84056a117f07ce15aab3bda00N.exe
2672	87703ea84056a117f07ce15aab3bda00N.exe
3000	87703ea84056a117f07ce15aab3bda00N.exe
2840	87703ea84056a117f07ce15aab3bda00N.exe
2316	87703ea84056a117f07ce15aab3bda00N.exe
3012	87703ea84056a117f07ce15aab3bda00N.exe
1304	87703ea84056a117f07ce15aab3bda00N.exe
2672	87703ea84056a117f07ce15aab3bda00N.exe
1144	87703ea84056a117f07ce15aab3bda00N.exe
3000	87703ea84056a117f07ce15aab3bda00N.exe
2016	87703ea84056a117f07ce15aab3bda00N.exe
2840	87703ea84056a117f07ce15aab3bda00N.exe
2316	87703ea84056a117f07ce15aab3bda00N.exe
1512	87703ea84056a117f07ce15aab3bda00N.exe
1148	87703ea84056a117f07ce15aab3bda00N.exe
2348	87703ea84056a117f07ce15aab3bda00N.exe
3012	87703ea84056a117f07ce15aab3bda00N.exe
1732	87703ea84056a117f07ce15aab3bda00N.exe
2672	87703ea84056a117f07ce15aab3bda00N.exe
1144	87703ea84056a117f07ce15aab3bda00N.exe
1540	87703ea84056a117f07ce15aab3bda00N.exe
1908	87703ea84056a117f07ce15aab3bda00N.exe
1304	87703ea84056a117f07ce15aab3bda00N.exe
340	87703ea84056a117f07ce15aab3bda00N.exe
1828	87703ea84056a117f07ce15aab3bda00N.exe
3000	87703ea84056a117f07ce15aab3bda00N.exe
2840	87703ea84056a117f07ce15aab3bda00N.exe
2016	87703ea84056a117f07ce15aab3bda00N.exe
2316	87703ea84056a117f07ce15aab3bda00N.exe
2480	87703ea84056a117f07ce15aab3bda00N.exe
2256	87703ea84056a117f07ce15aab3bda00N.exe
2432	87703ea84056a117f07ce15aab3bda00N.exe
1512	87703ea84056a117f07ce15aab3bda00N.exe
880	87703ea84056a117f07ce15aab3bda00N.exe
2504	87703ea84056a117f07ce15aab3bda00N.exe
2888	87703ea84056a117f07ce15aab3bda00N.exe
2944	87703ea84056a117f07ce15aab3bda00N.exe
1148	87703ea84056a117f07ce15aab3bda00N.exe
3012	87703ea84056a117f07ce15aab3bda00N.exe
1732	87703ea84056a117f07ce15aab3bda00N.exe
2348	87703ea84056a117f07ce15aab3bda00N.exe
2672	87703ea84056a117f07ce15aab3bda00N.exe
2672	87703ea84056a117f07ce15aab3bda00N.exe
1144	87703ea84056a117f07ce15aab3bda00N.exe
1144	87703ea84056a117f07ce15aab3bda00N.exe
1248	87703ea84056a117f07ce15aab3bda00N.exe
1248	87703ea84056a117f07ce15aab3bda00N.exe
952	87703ea84056a117f07ce15aab3bda00N.exe
952	87703ea84056a117f07ce15aab3bda00N.exe
1392	87703ea84056a117f07ce15aab3bda00N.exe
1392	87703ea84056a117f07ce15aab3bda00N.exe
2220	87703ea84056a117f07ce15aab3bda00N.exe
2220	87703ea84056a117f07ce15aab3bda00N.exe
1304	87703ea84056a117f07ce15aab3bda00N.exe
1304	87703ea84056a117f07ce15aab3bda00N.exe
2152	87703ea84056a117f07ce15aab3bda00N.exe
2152	87703ea84056a117f07ce15aab3bda00N.exe
604	87703ea84056a117f07ce15aab3bda00N.exe
604	87703ea84056a117f07ce15aab3bda00N.exe
552	87703ea84056a117f07ce15aab3bda00N.exe
552	87703ea84056a117f07ce15aab3bda00N.exe
1524	87703ea84056a117f07ce15aab3bda00N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 2840	2316	87703ea84056a117f07ce15aab3bda00N.exe	30
PID 2316 wrote to memory of 2840	2316	87703ea84056a117f07ce15aab3bda00N.exe	30
PID 2316 wrote to memory of 2840	2316	87703ea84056a117f07ce15aab3bda00N.exe	30
PID 2316 wrote to memory of 2840	2316	87703ea84056a117f07ce15aab3bda00N.exe	30
PID 2840 wrote to memory of 2672	2840	87703ea84056a117f07ce15aab3bda00N.exe	31
PID 2840 wrote to memory of 2672	2840	87703ea84056a117f07ce15aab3bda00N.exe	31
PID 2840 wrote to memory of 2672	2840	87703ea84056a117f07ce15aab3bda00N.exe	31
PID 2840 wrote to memory of 2672	2840	87703ea84056a117f07ce15aab3bda00N.exe	31
PID 2316 wrote to memory of 3000	2316	87703ea84056a117f07ce15aab3bda00N.exe	32
PID 2316 wrote to memory of 3000	2316	87703ea84056a117f07ce15aab3bda00N.exe	32
PID 2316 wrote to memory of 3000	2316	87703ea84056a117f07ce15aab3bda00N.exe	32
PID 2316 wrote to memory of 3000	2316	87703ea84056a117f07ce15aab3bda00N.exe	32
PID 2672 wrote to memory of 3012	2672	87703ea84056a117f07ce15aab3bda00N.exe	33
PID 2672 wrote to memory of 3012	2672	87703ea84056a117f07ce15aab3bda00N.exe	33
PID 2672 wrote to memory of 3012	2672	87703ea84056a117f07ce15aab3bda00N.exe	33
PID 2672 wrote to memory of 3012	2672	87703ea84056a117f07ce15aab3bda00N.exe	33
PID 3000 wrote to memory of 1304	3000	87703ea84056a117f07ce15aab3bda00N.exe	34
PID 3000 wrote to memory of 1304	3000	87703ea84056a117f07ce15aab3bda00N.exe	34
PID 3000 wrote to memory of 1304	3000	87703ea84056a117f07ce15aab3bda00N.exe	34
PID 3000 wrote to memory of 1304	3000	87703ea84056a117f07ce15aab3bda00N.exe	34
PID 2840 wrote to memory of 1144	2840	87703ea84056a117f07ce15aab3bda00N.exe	35
PID 2840 wrote to memory of 1144	2840	87703ea84056a117f07ce15aab3bda00N.exe	35
PID 2840 wrote to memory of 1144	2840	87703ea84056a117f07ce15aab3bda00N.exe	35
PID 2840 wrote to memory of 1144	2840	87703ea84056a117f07ce15aab3bda00N.exe	35
PID 2316 wrote to memory of 2016	2316	87703ea84056a117f07ce15aab3bda00N.exe	36
PID 2316 wrote to memory of 2016	2316	87703ea84056a117f07ce15aab3bda00N.exe	36
PID 2316 wrote to memory of 2016	2316	87703ea84056a117f07ce15aab3bda00N.exe	36
PID 2316 wrote to memory of 2016	2316	87703ea84056a117f07ce15aab3bda00N.exe	36
PID 3012 wrote to memory of 1512	3012	87703ea84056a117f07ce15aab3bda00N.exe	38
PID 3012 wrote to memory of 1512	3012	87703ea84056a117f07ce15aab3bda00N.exe	38
PID 3012 wrote to memory of 1512	3012	87703ea84056a117f07ce15aab3bda00N.exe	38
PID 3012 wrote to memory of 1512	3012	87703ea84056a117f07ce15aab3bda00N.exe	38
PID 2672 wrote to memory of 1148	2672	87703ea84056a117f07ce15aab3bda00N.exe	39
PID 2672 wrote to memory of 1148	2672	87703ea84056a117f07ce15aab3bda00N.exe	39
PID 2672 wrote to memory of 1148	2672	87703ea84056a117f07ce15aab3bda00N.exe	39
PID 2672 wrote to memory of 1148	2672	87703ea84056a117f07ce15aab3bda00N.exe	39
PID 1304 wrote to memory of 2348	1304	87703ea84056a117f07ce15aab3bda00N.exe	40
PID 1304 wrote to memory of 2348	1304	87703ea84056a117f07ce15aab3bda00N.exe	40
PID 1304 wrote to memory of 2348	1304	87703ea84056a117f07ce15aab3bda00N.exe	40
PID 1304 wrote to memory of 2348	1304	87703ea84056a117f07ce15aab3bda00N.exe	40
PID 1144 wrote to memory of 1732	1144	87703ea84056a117f07ce15aab3bda00N.exe	41
PID 1144 wrote to memory of 1732	1144	87703ea84056a117f07ce15aab3bda00N.exe	41
PID 1144 wrote to memory of 1732	1144	87703ea84056a117f07ce15aab3bda00N.exe	41
PID 1144 wrote to memory of 1732	1144	87703ea84056a117f07ce15aab3bda00N.exe	41
PID 3000 wrote to memory of 1908	3000	87703ea84056a117f07ce15aab3bda00N.exe	42
PID 3000 wrote to memory of 1908	3000	87703ea84056a117f07ce15aab3bda00N.exe	42
PID 3000 wrote to memory of 1908	3000	87703ea84056a117f07ce15aab3bda00N.exe	42
PID 3000 wrote to memory of 1908	3000	87703ea84056a117f07ce15aab3bda00N.exe	42
PID 2840 wrote to memory of 1540	2840	87703ea84056a117f07ce15aab3bda00N.exe	43
PID 2840 wrote to memory of 1540	2840	87703ea84056a117f07ce15aab3bda00N.exe	43
PID 2840 wrote to memory of 1540	2840	87703ea84056a117f07ce15aab3bda00N.exe	43
PID 2840 wrote to memory of 1540	2840	87703ea84056a117f07ce15aab3bda00N.exe	43
PID 2016 wrote to memory of 340	2016	87703ea84056a117f07ce15aab3bda00N.exe	44
PID 2016 wrote to memory of 340	2016	87703ea84056a117f07ce15aab3bda00N.exe	44
PID 2016 wrote to memory of 340	2016	87703ea84056a117f07ce15aab3bda00N.exe	44
PID 2016 wrote to memory of 340	2016	87703ea84056a117f07ce15aab3bda00N.exe	44
PID 2316 wrote to memory of 1828	2316	87703ea84056a117f07ce15aab3bda00N.exe	45
PID 2316 wrote to memory of 1828	2316	87703ea84056a117f07ce15aab3bda00N.exe	45
PID 2316 wrote to memory of 1828	2316	87703ea84056a117f07ce15aab3bda00N.exe	45
PID 2316 wrote to memory of 1828	2316	87703ea84056a117f07ce15aab3bda00N.exe	45
PID 1512 wrote to memory of 2480	1512	87703ea84056a117f07ce15aab3bda00N.exe	46
PID 1512 wrote to memory of 2480	1512	87703ea84056a117f07ce15aab3bda00N.exe	46
PID 1512 wrote to memory of 2480	1512	87703ea84056a117f07ce15aab3bda00N.exe	46
PID 1512 wrote to memory of 2480	1512	87703ea84056a117f07ce15aab3bda00N.exe	46

C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
"C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        9⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        10⤵
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        10⤵
        
        PID:22328
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        9⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        9⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        9⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        9⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        9⤵
        
        PID:22668
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        9⤵
        
        PID:19168
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:22580
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:22364
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        9⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        9⤵
        
        PID:22340
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:22556
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13724
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13788
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        9⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        9⤵
        
        PID:20672
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:12788
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:22436
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:14196
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13864
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:11444
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        9⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:16876
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:19136
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12308
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:23396
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:19120
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:19088
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13396
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13108
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:14036
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22168
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:9828
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12356
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:23404
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:12508
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:21908
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13624
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12300
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:23436
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:13552
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12420
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13592
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22408
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6240
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:11436
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:23368
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:13308
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1144
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        9⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13956
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:20700
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12404
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:19152
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22388
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22628
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22604
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:19176
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:19104
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:13756
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:13964
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13600
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10292
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:13772
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:13680
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:8364
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:13696
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13848
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12336
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22636
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13824
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:9972
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13980
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:11924
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:23380
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:14044
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:22216
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:9264
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:13056
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:13856
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:9388
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:22476
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12712
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10452
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:12492
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:12576
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:15152
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:9152
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:22396
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3000
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1304
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        9⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:23428
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:22428
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:22960
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22904
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:11628
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:19096
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12736
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13100
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:23444
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:19112
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13896
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13804
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12436
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:8648
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22184
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:23388
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:19144
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12616
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13688
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12808
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:14060
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:8740
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:13940
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:744
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:22496
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22564
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13072
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:19184
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:9988
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:19040
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22200
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12524
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22968
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12388
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22800
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:9980
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1392
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13988
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12772
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:21796
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:9112
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:22192
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22444
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:13468
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22484
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:11376
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:22356
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7492
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:12780
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:19160
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:9136
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:19236
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2016
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:340
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:552
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13972
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12592
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22612
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22208
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12548
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22620
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:11336
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:19128
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:9660
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:13584
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:604
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:19252
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7204
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:13064
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:14100
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:9464
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:13928
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:13888
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:12344
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:22912
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7744
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:12468
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:22596
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:14444
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:9528
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:12800
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1828
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:19064
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12584
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12668
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:23360
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:14188
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:10284
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:13780
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:9288
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:19072
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:11620
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:12452
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:13504
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:22176
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:9456
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:13840
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22224
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7416
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:13080
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:12532
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:11452
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:21852
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:9924
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:20692
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  PID:3176
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:9356
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:7392
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:12292
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:22572
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  PID:4392
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:7892
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:10436
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:12624
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  PID:6440
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:13640
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  PID:9912
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  PID:20680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\xxx big hole hairy (Curtney).zip.exe

Filesize
1.2MB

MD5
8e207ac967f353ba66efe67f76e05392

SHA1
a342901eb915f6f7bbab3555bbdd15d90d38ef31

SHA256
dff7580e56da918181a55c2d046f7b7216185c8bb003315e642e086d768171eb

SHA512
74a99f26905eb20488c81660e052b1613fec8c2ce393cf845434357c9df8eb1f2eb1aac1d7574fdb1b06bcab14b495d5110aedd81d8359a33cb902862a260f91

Download Submit
C:\debug.txt

Filesize
183B

MD5
e744d2d15da1d5a1e616d791c085648e

SHA1
dff5e6168fa284b6cd3a884acec53acf64dafed6

SHA256
009ba5439ca28bd8c376bf4824fc8a71dd39345ceeb25b30a20ad2bdae3937f8

SHA512
8cfada8d362205380cd93958e2c45abb8acc9b830b1729a60372a93964020ed5fd528d00d2f2a9dfd0de0efb02b0ab825ff2a1803c07bb127888f9fdb5258946

Download Submit