c965e0ab308638998da0fb4ce4501ec94884842820cbf39d2a50d77a48fccf6f

Analysis

max time kernel
33s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 09:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a1cf0516101e49bad13d5ba58a5e3880N.exe
Size

1.4MB
MD5

a1cf0516101e49bad13d5ba58a5e3880
SHA1

7ced3493110e9154fa9c27957f0fd8d45628daca
SHA256

c965e0ab308638998da0fb4ce4501ec94884842820cbf39d2a50d77a48fccf6f
SHA512

7ecf8fdb6f566d139e7e94a35a2c31421c788d6e932f855c41abaabd3e24288bb811d77c2154856f6f483d5e1e820bb31609c23438a6518c0dcd8e484cdd7fe1
SSDEEP

24576:oWEZnR+C9Ga//btY+JT8Z4YoNF4R8Lu2qeWBryCaVG/IYaXYoE+XZnnMp00LB5MA:VEZ8C9Z/bdZJrJuT3r3aVG/IY4YxqVMX

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	a1cf0516101e49bad13d5ba58a5e3880N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\U:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\W:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\Z:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\J:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\P:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\K:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\L:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\N:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\S:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\V:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\X:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\E:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\I:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\H:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\M:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\Q:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\A:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\G:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\T:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\Y:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\B:	a1cf0516101e49bad13d5ba58a5e3880N.exe
File opened (read-only)	\??\O:	a1cf0516101e49bad13d5ba58a5e3880N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\spanish trambling gay catfight gorgeoushorny (Janette).mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\norwegian nude gay masturbation hotel .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\SysWOW64\FxsTmp\malaysia fetish cum lesbian .mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\fetish horse several models .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\animal masturbation legs blondie (Melissa).mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\SysWOW64\IME\shared\fetish hot (!) cock shower (Anniston,Curtney).mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\System32\DriverStore\Temp\swedish handjob action full movie latex .mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\SysWOW64\IME\shared\norwegian kicking licking sm (Ashley,Sandy).zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\lesbian sperm [bangbus] bedroom .mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian handjob blowjob [milf] (Jade).zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\handjob lesbian .mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\trambling cum sleeping .rar.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\american horse porn public YEâPSè& .mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\asian sperm porn girls sm (Curtney).mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie bukkake sleeping nipples .mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\norwegian bukkake masturbation .rar.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\asian lesbian girls traffic .rar.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\british kicking hidden legs .mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\beastiality bukkake lesbian (Kathrin).rar.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\chinese xxx voyeur (Anniston,Samantha).zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Program Files\Windows Journal\Templates\hardcore animal licking .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\xxx licking .avi.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Program Files (x86)\Google\Temp\japanese sperm xxx [free] feet shower .avi.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Program Files (x86)\Google\Update\Download\hardcore full movie ash mistress (Jade).mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Program Files\DVD Maker\Shared\horse gang bang [bangbus] castration .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SoftwareDistribution\Download\cum uncut upskirt .mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\chinese beast hot (!) latex .mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\indian fucking [milf] ash .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\swedish horse [bangbus] granny (Curtney).zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\tyrkish horse cumshot [milf] 50+ .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\asian kicking kicking masturbation shoes (Sandy).mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\nude trambling voyeur glans 40+ (Ashley).mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\beast lesbian .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\spanish cumshot licking nipples .mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\russian bukkake porn sleeping titts .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\horse beastiality licking feet swallow (Melissa).avi.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\malaysia beast cumshot uncut .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\security\templates\handjob sperm licking glans wifey (Janette,Tatjana).rar.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\fucking sperm [free] gorgeoushorny .mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\porn hot (!) mistress .avi.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\brasilian animal sleeping ash pregnant .mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\russian bukkake bukkake uncut 50+ (Samantha).rar.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\kicking bukkake girls granny .mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\assembly\temp\indian lesbian lesbian titts (Sonja).mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\italian fetish xxx hidden (Curtney,Curtney).avi.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\bukkake big vagina .mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\animal fetish girls legs sweet .mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\black gay lesbian .mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\american blowjob public ash fishy .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\chinese cumshot masturbation 50+ .rar.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\tyrkish bukkake lesbian bondage .avi.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\Temp\black fucking licking .avi.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\cumshot handjob [bangbus] young .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\german cumshot beast full movie granny (Sylvia).zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\horse full movie ash stockings .mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\horse animal masturbation .mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\canadian animal gay big redhair (Melissa,Sarah).avi.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\cumshot uncut glans leather .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\canadian beastiality nude sleeping vagina (Sarah).zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\assembly\tmp\spanish handjob catfight bondage (Sarah,Tatjana).zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\brasilian beast cumshot girls .rar.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\indian action action voyeur (Sonja).rar.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\cum hot (!) hotel .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\handjob horse voyeur sm .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\asian lingerie xxx full movie glans (Janette,Sarah).mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\black action cum [free] nipples (Karin,Christine).mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\Downloaded Program Files\beastiality horse lesbian .rar.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\black fetish action catfight upskirt .mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\bukkake catfight (Karin).avi.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\african kicking girls femdom .mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\animal big .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\PLA\Templates\action hot (!) hotel (Sarah).rar.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\french action hidden boobs .mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\gay sperm [free] high heels .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\british lesbian hot (!) penetration (Anniston,Gina).mpg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\italian cum uncut 50+ .avi.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\lesbian animal several models cock 40+ (Britney).avi.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\brasilian horse licking nipples .mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\indian handjob hardcore sleeping legs (Ashley,Christine).mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\british handjob nude several models pregnant .mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\french fucking uncut femdom .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\tyrkish hardcore sperm hidden .mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\russian bukkake porn hot (!) vagina .avi.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\norwegian animal cum masturbation .mpeg.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\bukkake hidden .avi.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\german lingerie [bangbus] young .zip.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\action horse hidden .avi.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\spanish animal lesbian hidden glans ejaculation .rar.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe
File created	C:\Windows\winsxs\InstallTemp\nude fucking masturbation .rar.exe	a1cf0516101e49bad13d5ba58a5e3880N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1848	a1cf0516101e49bad13d5ba58a5e3880N.exe
2132	a1cf0516101e49bad13d5ba58a5e3880N.exe
1848	a1cf0516101e49bad13d5ba58a5e3880N.exe
3040	a1cf0516101e49bad13d5ba58a5e3880N.exe
2604	a1cf0516101e49bad13d5ba58a5e3880N.exe
2132	a1cf0516101e49bad13d5ba58a5e3880N.exe
1848	a1cf0516101e49bad13d5ba58a5e3880N.exe
824	a1cf0516101e49bad13d5ba58a5e3880N.exe
1376	a1cf0516101e49bad13d5ba58a5e3880N.exe
676	a1cf0516101e49bad13d5ba58a5e3880N.exe
3040	a1cf0516101e49bad13d5ba58a5e3880N.exe
2604	a1cf0516101e49bad13d5ba58a5e3880N.exe
1244	a1cf0516101e49bad13d5ba58a5e3880N.exe
2132	a1cf0516101e49bad13d5ba58a5e3880N.exe
1848	a1cf0516101e49bad13d5ba58a5e3880N.exe
2724	a1cf0516101e49bad13d5ba58a5e3880N.exe
1656	a1cf0516101e49bad13d5ba58a5e3880N.exe
824	a1cf0516101e49bad13d5ba58a5e3880N.exe
1048	a1cf0516101e49bad13d5ba58a5e3880N.exe
596	a1cf0516101e49bad13d5ba58a5e3880N.exe
1376	a1cf0516101e49bad13d5ba58a5e3880N.exe
2928	a1cf0516101e49bad13d5ba58a5e3880N.exe
2604	a1cf0516101e49bad13d5ba58a5e3880N.exe
2212	a1cf0516101e49bad13d5ba58a5e3880N.exe
1244	a1cf0516101e49bad13d5ba58a5e3880N.exe
2132	a1cf0516101e49bad13d5ba58a5e3880N.exe
3040	a1cf0516101e49bad13d5ba58a5e3880N.exe
676	a1cf0516101e49bad13d5ba58a5e3880N.exe
2896	a1cf0516101e49bad13d5ba58a5e3880N.exe
1216	a1cf0516101e49bad13d5ba58a5e3880N.exe
1848	a1cf0516101e49bad13d5ba58a5e3880N.exe
2236	a1cf0516101e49bad13d5ba58a5e3880N.exe
2036	a1cf0516101e49bad13d5ba58a5e3880N.exe
2724	a1cf0516101e49bad13d5ba58a5e3880N.exe
1656	a1cf0516101e49bad13d5ba58a5e3880N.exe
1860	a1cf0516101e49bad13d5ba58a5e3880N.exe
1048	a1cf0516101e49bad13d5ba58a5e3880N.exe
2728	a1cf0516101e49bad13d5ba58a5e3880N.exe
804	a1cf0516101e49bad13d5ba58a5e3880N.exe
1376	a1cf0516101e49bad13d5ba58a5e3880N.exe
824	a1cf0516101e49bad13d5ba58a5e3880N.exe
564	a1cf0516101e49bad13d5ba58a5e3880N.exe
2604	a1cf0516101e49bad13d5ba58a5e3880N.exe
2264	a1cf0516101e49bad13d5ba58a5e3880N.exe
1244	a1cf0516101e49bad13d5ba58a5e3880N.exe
2132	a1cf0516101e49bad13d5ba58a5e3880N.exe
2232	a1cf0516101e49bad13d5ba58a5e3880N.exe
2232	a1cf0516101e49bad13d5ba58a5e3880N.exe
3040	a1cf0516101e49bad13d5ba58a5e3880N.exe
3040	a1cf0516101e49bad13d5ba58a5e3880N.exe
676	a1cf0516101e49bad13d5ba58a5e3880N.exe
676	a1cf0516101e49bad13d5ba58a5e3880N.exe
596	a1cf0516101e49bad13d5ba58a5e3880N.exe
596	a1cf0516101e49bad13d5ba58a5e3880N.exe
2140	a1cf0516101e49bad13d5ba58a5e3880N.exe
2140	a1cf0516101e49bad13d5ba58a5e3880N.exe
1716	a1cf0516101e49bad13d5ba58a5e3880N.exe
1716	a1cf0516101e49bad13d5ba58a5e3880N.exe
2856	a1cf0516101e49bad13d5ba58a5e3880N.exe
2856	a1cf0516101e49bad13d5ba58a5e3880N.exe
1804	a1cf0516101e49bad13d5ba58a5e3880N.exe
1804	a1cf0516101e49bad13d5ba58a5e3880N.exe
948	a1cf0516101e49bad13d5ba58a5e3880N.exe
948	a1cf0516101e49bad13d5ba58a5e3880N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 2132	1848	a1cf0516101e49bad13d5ba58a5e3880N.exe	31
PID 1848 wrote to memory of 2132	1848	a1cf0516101e49bad13d5ba58a5e3880N.exe	31
PID 1848 wrote to memory of 2132	1848	a1cf0516101e49bad13d5ba58a5e3880N.exe	31
PID 1848 wrote to memory of 2132	1848	a1cf0516101e49bad13d5ba58a5e3880N.exe	31
PID 2132 wrote to memory of 3040	2132	a1cf0516101e49bad13d5ba58a5e3880N.exe	32
PID 2132 wrote to memory of 3040	2132	a1cf0516101e49bad13d5ba58a5e3880N.exe	32
PID 2132 wrote to memory of 3040	2132	a1cf0516101e49bad13d5ba58a5e3880N.exe	32
PID 2132 wrote to memory of 3040	2132	a1cf0516101e49bad13d5ba58a5e3880N.exe	32
PID 1848 wrote to memory of 2604	1848	a1cf0516101e49bad13d5ba58a5e3880N.exe	33
PID 1848 wrote to memory of 2604	1848	a1cf0516101e49bad13d5ba58a5e3880N.exe	33
PID 1848 wrote to memory of 2604	1848	a1cf0516101e49bad13d5ba58a5e3880N.exe	33
PID 1848 wrote to memory of 2604	1848	a1cf0516101e49bad13d5ba58a5e3880N.exe	33
PID 3040 wrote to memory of 824	3040	a1cf0516101e49bad13d5ba58a5e3880N.exe	34
PID 3040 wrote to memory of 824	3040	a1cf0516101e49bad13d5ba58a5e3880N.exe	34
PID 3040 wrote to memory of 824	3040	a1cf0516101e49bad13d5ba58a5e3880N.exe	34
PID 3040 wrote to memory of 824	3040	a1cf0516101e49bad13d5ba58a5e3880N.exe	34
PID 2604 wrote to memory of 1376	2604	a1cf0516101e49bad13d5ba58a5e3880N.exe	35
PID 2604 wrote to memory of 1376	2604	a1cf0516101e49bad13d5ba58a5e3880N.exe	35
PID 2604 wrote to memory of 1376	2604	a1cf0516101e49bad13d5ba58a5e3880N.exe	35
PID 2604 wrote to memory of 1376	2604	a1cf0516101e49bad13d5ba58a5e3880N.exe	35
PID 2132 wrote to memory of 676	2132	a1cf0516101e49bad13d5ba58a5e3880N.exe	36
PID 2132 wrote to memory of 676	2132	a1cf0516101e49bad13d5ba58a5e3880N.exe	36
PID 2132 wrote to memory of 676	2132	a1cf0516101e49bad13d5ba58a5e3880N.exe	36
PID 2132 wrote to memory of 676	2132	a1cf0516101e49bad13d5ba58a5e3880N.exe	36
PID 1848 wrote to memory of 1244	1848	a1cf0516101e49bad13d5ba58a5e3880N.exe	37
PID 1848 wrote to memory of 1244	1848	a1cf0516101e49bad13d5ba58a5e3880N.exe	37
PID 1848 wrote to memory of 1244	1848	a1cf0516101e49bad13d5ba58a5e3880N.exe	37
PID 1848 wrote to memory of 1244	1848	a1cf0516101e49bad13d5ba58a5e3880N.exe	37
PID 824 wrote to memory of 2724	824	a1cf0516101e49bad13d5ba58a5e3880N.exe	38
PID 824 wrote to memory of 2724	824	a1cf0516101e49bad13d5ba58a5e3880N.exe	38
PID 824 wrote to memory of 2724	824	a1cf0516101e49bad13d5ba58a5e3880N.exe	38
PID 824 wrote to memory of 2724	824	a1cf0516101e49bad13d5ba58a5e3880N.exe	38
PID 3040 wrote to memory of 1656	3040	a1cf0516101e49bad13d5ba58a5e3880N.exe	39
PID 3040 wrote to memory of 1656	3040	a1cf0516101e49bad13d5ba58a5e3880N.exe	39
PID 3040 wrote to memory of 1656	3040	a1cf0516101e49bad13d5ba58a5e3880N.exe	39
PID 3040 wrote to memory of 1656	3040	a1cf0516101e49bad13d5ba58a5e3880N.exe	39
PID 1376 wrote to memory of 596	1376	a1cf0516101e49bad13d5ba58a5e3880N.exe	40
PID 1376 wrote to memory of 596	1376	a1cf0516101e49bad13d5ba58a5e3880N.exe	40
PID 1376 wrote to memory of 596	1376	a1cf0516101e49bad13d5ba58a5e3880N.exe	40
PID 1376 wrote to memory of 596	1376	a1cf0516101e49bad13d5ba58a5e3880N.exe	40
PID 676 wrote to memory of 1048	676	a1cf0516101e49bad13d5ba58a5e3880N.exe	41
PID 676 wrote to memory of 1048	676	a1cf0516101e49bad13d5ba58a5e3880N.exe	41
PID 676 wrote to memory of 1048	676	a1cf0516101e49bad13d5ba58a5e3880N.exe	41
PID 676 wrote to memory of 1048	676	a1cf0516101e49bad13d5ba58a5e3880N.exe	41
PID 2604 wrote to memory of 2896	2604	a1cf0516101e49bad13d5ba58a5e3880N.exe	42
PID 2604 wrote to memory of 2896	2604	a1cf0516101e49bad13d5ba58a5e3880N.exe	42
PID 2604 wrote to memory of 2896	2604	a1cf0516101e49bad13d5ba58a5e3880N.exe	42
PID 2604 wrote to memory of 2896	2604	a1cf0516101e49bad13d5ba58a5e3880N.exe	42
PID 1244 wrote to memory of 2928	1244	a1cf0516101e49bad13d5ba58a5e3880N.exe	43
PID 1244 wrote to memory of 2928	1244	a1cf0516101e49bad13d5ba58a5e3880N.exe	43
PID 1244 wrote to memory of 2928	1244	a1cf0516101e49bad13d5ba58a5e3880N.exe	43
PID 1244 wrote to memory of 2928	1244	a1cf0516101e49bad13d5ba58a5e3880N.exe	43
PID 2132 wrote to memory of 1216	2132	a1cf0516101e49bad13d5ba58a5e3880N.exe	44
PID 2132 wrote to memory of 1216	2132	a1cf0516101e49bad13d5ba58a5e3880N.exe	44
PID 2132 wrote to memory of 1216	2132	a1cf0516101e49bad13d5ba58a5e3880N.exe	44
PID 2132 wrote to memory of 1216	2132	a1cf0516101e49bad13d5ba58a5e3880N.exe	44
PID 1848 wrote to memory of 2212	1848	a1cf0516101e49bad13d5ba58a5e3880N.exe	45
PID 1848 wrote to memory of 2212	1848	a1cf0516101e49bad13d5ba58a5e3880N.exe	45
PID 1848 wrote to memory of 2212	1848	a1cf0516101e49bad13d5ba58a5e3880N.exe	45
PID 1848 wrote to memory of 2212	1848	a1cf0516101e49bad13d5ba58a5e3880N.exe	45
PID 2724 wrote to memory of 2236	2724	a1cf0516101e49bad13d5ba58a5e3880N.exe	46
PID 2724 wrote to memory of 2236	2724	a1cf0516101e49bad13d5ba58a5e3880N.exe	46
PID 2724 wrote to memory of 2236	2724	a1cf0516101e49bad13d5ba58a5e3880N.exe	46
PID 2724 wrote to memory of 2236	2724	a1cf0516101e49bad13d5ba58a5e3880N.exe	46

C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
"C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
  "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2132
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:824
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        9⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        10⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        9⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        9⤵
        
        PID:17804
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        9⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:16184
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        9⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        9⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:17064
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        9⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:15972
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:16076
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        9⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:16288
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:16272
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        9⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:14604
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:16084
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14424
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:15776
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:17492
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:16256
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:928
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:14256
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:18116
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:17508
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:14744
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:15824
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:16216
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:15648
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:17780
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:14136
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:13844
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:17304
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:17772
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:14448
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:17732
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:17284
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:18272
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:17516
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14472
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:17764
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:16012
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:15952
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:16140
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:676
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        9⤵
        
        PID:15920
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:17116
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:17140
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14384
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:14192
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:14264
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:15680
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14580
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:14500
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:17444
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:14456
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:17788
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14508
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:14556
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:16032
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:16092
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:14532
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:9056
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:16148
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1216
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:14752
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:15996
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14400
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:14320
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:17148
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:17460
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:17916
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:15800
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:9824
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:17796
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:392
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:14440
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:14516
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:14688
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:9404
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:15904
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:15728
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:18124
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:18256
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:9420
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:15760
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:14216
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:14368
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:8016
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:14168
- C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
  "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1376
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:596
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:18156
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:15880
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:17132
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        8⤵
        
        PID:16296
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:10480
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:18264
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14184
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14704
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:16124
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:15832
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14152
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:16900
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:15736
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:16004
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:17924
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14720
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:16108
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:9412
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:16192
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:9788
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:14816
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:10672
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:18316
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:14680
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:15848
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:16208
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:16460
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:16280
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:14176
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:16068
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:9540
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:18148
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:564
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:16176
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:16044
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:14696
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:9428
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:14588
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:156
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:14652
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:16020
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:16028
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:8940
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:16100
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:14304
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:14548
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:7472
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:15980
- C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
  "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1244
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        7⤵
        
        PID:16584
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:16052
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:15768
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:9616
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:9444
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:14628
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:16336
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:15744
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:17108
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:14620
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:9608
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:17476
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:336
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:15936
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:9396
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:17392
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:6440
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:11756
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:14360
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:8024
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:10824
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:3720
- C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
  "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        6⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:16248
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:16116
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:14312
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:16224
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:9532
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:17484
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:15888
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:14596
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:14736
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:9388
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:17740
- C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
  "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
  2⤵
  PID:2320
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:14128
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:7556
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:11072
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
        5⤵
        
        PID:17432
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:15872
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:14328
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:14008
- C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
  "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
  2⤵
  PID:3012
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:9356
  - - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
      "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
      4⤵
      PID:17452
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:6848
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:14660
- C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
  "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
  2⤵
  PID:4264
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:7668
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:16320
- C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
  "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
  2⤵
  PID:6036
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:9796
- - C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
    "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
    3⤵
    PID:17468
- C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
  "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
  2⤵
  PID:10464
- C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe
  "C:\Users\Admin\AppData\Local\Temp\a1cf0516101e49bad13d5ba58a5e3880N.exe"
  2⤵
  PID:14564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie bukkake sleeping nipples .mpg.exe

Filesize
830KB

MD5
e8abf71f050df7840b3e50db5c369c2e

SHA1
4affbec28ab8e2160493754db2f5c7f9f73e5996

SHA256
90a41ccd3b3396ef3567f74d37662c6cbe3f9593af9c28b50b1d71d62846ff75

SHA512
8fc6741aa0f589050f3882e5688c69fa978f436376cbf3606c6784afbfe5b2c0de346def6d97a464e7154fcce8ba417493f3845ea04f907692a9dfff00bc3e16

Download Submit
C:\debug.txt

Filesize
183B

MD5
8ea62f6ee0077636ebdb294e2ae87924

SHA1
b028f255a6a79e79c86a99255d8915ebbcdee586

SHA256
83846d5a9faf2271de4f4a61cc709941d0e51a11119a607ea57705d51ff4ba05

SHA512
1bca195ac02417cf36906763fc3b94112b2544c9a0f75c666d3e24cf8c72e0fd68bf379d27bb695931d8f189af488deecab6ad55e87133ab61c008542e027521

Download Submit
memory/564-143-0x00000000045F0000-0x000000000461B000-memory.dmp

Filesize
172KB

Download
memory/564-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/564-117-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/596-102-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/596-140-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/596-115-0x0000000004DF0000-0x0000000004E1B000-memory.dmp

Filesize
172KB

Download
memory/596-171-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/676-139-0x0000000004F40000-0x0000000004F6B000-memory.dmp

Filesize
172KB

Download
memory/676-166-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/676-97-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/804-142-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/804-179-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/804-113-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/824-176-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/824-94-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/824-111-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/824-134-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/824-165-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/948-150-0x00000000050D0000-0x00000000050FB000-memory.dmp

Filesize
172KB

Download
memory/1048-131-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1048-104-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1216-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1244-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1244-136-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/1244-182-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/1376-98-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1376-133-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/1376-167-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1492-153-0x0000000004E10000-0x0000000004E3B000-memory.dmp

Filesize
172KB

Download
memory/1492-122-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1580-126-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1656-130-0x0000000005090000-0x00000000050BB000-memory.dmp

Filesize
172KB

Download
memory/1656-158-0x0000000005090000-0x00000000050BB000-memory.dmp

Filesize
172KB

Download
memory/1656-103-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1716-148-0x0000000001F90000-0x0000000001FBB000-memory.dmp

Filesize
172KB

Download
memory/1716-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1804-151-0x0000000004F50000-0x0000000004F7B000-memory.dmp

Filesize
172KB

Download
memory/1808-152-0x0000000004F30000-0x0000000004F5B000-memory.dmp

Filesize
172KB

Download
memory/1848-168-0x00000000058C0000-0x00000000058EB000-memory.dmp

Filesize
172KB

Download
memory/1848-123-0x00000000058C0000-0x00000000058EB000-memory.dmp

Filesize
172KB

Download
memory/1848-157-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1848-162-0x00000000058C0000-0x00000000058EB000-memory.dmp

Filesize
172KB

Download
memory/1848-147-0x00000000058C0000-0x00000000058EB000-memory.dmp

Filesize
172KB

Download
memory/1848-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1848-67-0x00000000058C0000-0x00000000058EB000-memory.dmp

Filesize
172KB

Download
memory/1860-132-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/1860-116-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1860-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2036-112-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2036-127-0x0000000004E40000-0x0000000004E6B000-memory.dmp

Filesize
172KB

Download
memory/2036-178-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2132-137-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/2132-69-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2132-160-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/2132-91-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/2132-159-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2132-96-0x0000000005080000-0x00000000050AB000-memory.dmp

Filesize
172KB

Download
memory/2212-172-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2212-145-0x0000000005090000-0x00000000050BB000-memory.dmp

Filesize
172KB

Download
memory/2212-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2212-121-0x0000000005090000-0x00000000050BB000-memory.dmp

Filesize
172KB

Download
memory/2232-119-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2236-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2236-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2236-155-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/2236-125-0x0000000004E00000-0x0000000004E2B000-memory.dmp

Filesize
172KB

Download
memory/2264-118-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2264-144-0x0000000004BB0000-0x0000000004BDB000-memory.dmp

Filesize
172KB

Download
memory/2320-154-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2320-124-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2580-173-0x0000000005070000-0x000000000509B000-memory.dmp

Filesize
172KB

Download
memory/2604-163-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2604-177-0x00000000050B0000-0x00000000050DB000-memory.dmp

Filesize
172KB

Download
memory/2604-95-0x00000000045C0000-0x00000000045EB000-memory.dmp

Filesize
172KB

Download
memory/2604-135-0x00000000050B0000-0x00000000050DB000-memory.dmp

Filesize
172KB

Download
memory/2724-156-0x0000000004520000-0x000000000454B000-memory.dmp

Filesize
172KB

Download
memory/2724-174-0x00000000044B0000-0x00000000044DB000-memory.dmp

Filesize
172KB

Download
memory/2724-100-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2724-109-0x00000000044B0000-0x00000000044DB000-memory.dmp

Filesize
172KB

Download
memory/2724-128-0x0000000004520000-0x000000000454B000-memory.dmp

Filesize
172KB

Download
memory/2728-114-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2728-141-0x0000000004590000-0x00000000045BB000-memory.dmp

Filesize
172KB

Download
memory/2728-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2772-129-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2856-149-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/2896-105-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2896-146-0x0000000004F60000-0x0000000004F8B000-memory.dmp

Filesize
172KB

Download
memory/2928-107-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2928-120-0x0000000005060000-0x000000000508B000-memory.dmp

Filesize
172KB

Download
memory/3040-164-0x0000000001F40000-0x0000000001F6B000-memory.dmp

Filesize
172KB

Download
memory/3040-101-0x0000000001F40000-0x0000000001F6B000-memory.dmp

Filesize
172KB

Download
memory/3040-161-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3040-93-0x0000000001F40000-0x0000000001F6B000-memory.dmp

Filesize
172KB

Download
memory/3040-170-0x0000000001F40000-0x0000000001F6B000-memory.dmp

Filesize
172KB

Download
memory/3040-92-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3040-138-0x0000000001F50000-0x0000000001F7B000-memory.dmp

Filesize
172KB

Download