f2cb0f4e5699e869c1141a46b05803aa3c4ea6137ffe5e4d1497f587b8cb37e7

Analysis

max time kernel
26s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 08:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97375e528c1bd66277b5a170fa6b3620N.exe
Size

1.2MB
MD5

97375e528c1bd66277b5a170fa6b3620
SHA1

936df9db223f9d16bc739e161e2fdb3a1b5bc156
SHA256

f2cb0f4e5699e869c1141a46b05803aa3c4ea6137ffe5e4d1497f587b8cb37e7
SHA512

c71a19ee5b5f06fb2288725c73b33aa14f89327afa9c910f35a4737d5a43aa51595ac05be57d72db9333487516dd2cd0f02247554113ed168b2d8aded1d72e7b
SSDEEP

24576:oWN6JTNEeO8AiwOrdiBqyzwt1gTR0OOzOPjtvKRAfCVZeFrIVGQQO:VN63KHor4Bqy0t16qYoRcrI0nO

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	97375e528c1bd66277b5a170fa6b3620N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\K:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\U:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\Y:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\H:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\I:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\L:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\O:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\R:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\X:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\B:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\G:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\N:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\P:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\S:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\T:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\A:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\E:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\M:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\Q:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\V:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\W:	97375e528c1bd66277b5a170fa6b3620N.exe
File opened (read-only)	\??\Z:	97375e528c1bd66277b5a170fa6b3620N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian gang bang trambling public ejaculation .zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\System32\DriverStore\Temp\black kicking gay lesbian .zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\SysWOW64\IME\shared\american action lesbian big titts .avi.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx hidden shoes .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\SysWOW64\IME\shared\italian cumshot horse sleeping leather .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse big mature .mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\SysWOW64\FxsTmp\spanish lesbian [free] feet bedroom .zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\indian nude lingerie voyeur (Liz).mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian beastiality lesbian big (Jade).mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\SysWOW64\FxsTmp\black handjob blowjob hot (!) cock ash (Melissa).zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\italian porn lingerie hidden feet .zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\danish nude hardcore [milf] .mpg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Program Files (x86)\Google\Temp\brasilian cum hardcore catfight .avi.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\russian kicking trambling lesbian cock (Britney,Tatjana).mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\hardcore catfight cock high heels .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\tyrkish handjob lingerie licking .mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\american nude xxx [free] high heels .zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\hardcore hot (!) girly .mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\xxx big balls .avi.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian animal blowjob licking feet leather (Janette).mpg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\russian animal horse [bangbus] stockings .avi.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Program Files\DVD Maker\Shared\bukkake licking cock sweet .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Program Files\Windows Journal\Templates\indian handjob sperm lesbian feet .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\beast several models titts stockings (Sarah).rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Program Files (x86)\Google\Update\Download\trambling catfight hole .zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\danish kicking horse uncut .mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\french bukkake hot (!) titts beautyfull .zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\Temp\russian nude beast hidden feet redhair (Sylvia).avi.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\tyrkish animal gay uncut high heels .mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\asian trambling [bangbus] (Curtney).zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\action gay public swallow (Jenna,Sylvia).rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\african trambling [milf] .mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\lingerie lesbian hole .avi.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\italian gang bang xxx [milf] wifey .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\spanish bukkake lesbian titts .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\cumshot fucking [free] 40+ .mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\african hardcore hot (!) .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\russian animal fucking licking titts mistress (Liz).avi.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\action lingerie hidden mature .zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\african bukkake [bangbus] (Sarah).zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\british sperm [free] cock high heels .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\german blowjob voyeur young .mpg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\hardcore catfight feet .mpg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\malaysia xxx licking hole circumcision .mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\indian animal lesbian catfight sweet (Sonja,Samantha).zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\bukkake catfight .mpg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\horse uncut penetration (Britney,Curtney).avi.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\german sperm catfight bondage .avi.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\blowjob hot (!) penetration .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lesbian voyeur mature .mpg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\norwegian lingerie several models .mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\kicking blowjob full movie .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\norwegian horse lesbian .mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\canadian horse [free] .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie big gorgeoushorny .zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\black fetish gay catfight high heels (Sandy,Janette).avi.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\InstallTemp\malaysia blowjob [free] (Sylvia).rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\asian bukkake hidden ejaculation .mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\german xxx [bangbus] .mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\sperm sleeping (Liz).zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\danish nude gay licking hole .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\beastiality horse big granny .mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\black gang bang gay public wifey .avi.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\PLA\Templates\swedish handjob xxx hidden (Janette).zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\malaysia gay masturbation hole .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\nude beast public cock pregnant (Sarah).rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\fetish trambling [milf] titts balls .mpg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\xxx voyeur .mpg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\cumshot lesbian sleeping shower .avi.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\horse full movie .avi.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\black porn horse full movie beautyfull .mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\xxx public cock bondage .mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\horse [free] (Sarah).rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\lesbian sleeping granny .zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\norwegian horse uncut glans (Kathrin,Melissa).mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\nude lingerie hidden mature .mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\trambling public .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\fucking [milf] titts .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\british lesbian uncut stockings .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\italian cumshot hardcore voyeur glans ejaculation (Jade).mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\chinese lingerie [free] .zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\hardcore sleeping hairy .rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\black horse blowjob public sm .zip.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\horse public feet (Ashley,Melissa).rar.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\american animal fucking lesbian glans penetration (Karin).avi.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\canadian lingerie [milf] .mpg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\chinese fucking girls 40+ (Sonja,Curtney).mpg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\asian gay public (Karin).mpg.exe	97375e528c1bd66277b5a170fa6b3620N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\trambling big cock (Britney,Curtney).mpeg.exe	97375e528c1bd66277b5a170fa6b3620N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
448	97375e528c1bd66277b5a170fa6b3620N.exe
2876	97375e528c1bd66277b5a170fa6b3620N.exe
448	97375e528c1bd66277b5a170fa6b3620N.exe
2164	97375e528c1bd66277b5a170fa6b3620N.exe
2876	97375e528c1bd66277b5a170fa6b3620N.exe
756	97375e528c1bd66277b5a170fa6b3620N.exe
448	97375e528c1bd66277b5a170fa6b3620N.exe
2808	97375e528c1bd66277b5a170fa6b3620N.exe
2164	97375e528c1bd66277b5a170fa6b3620N.exe
1868	97375e528c1bd66277b5a170fa6b3620N.exe
1732	97375e528c1bd66277b5a170fa6b3620N.exe
2876	97375e528c1bd66277b5a170fa6b3620N.exe
2476	97375e528c1bd66277b5a170fa6b3620N.exe
756	97375e528c1bd66277b5a170fa6b3620N.exe
448	97375e528c1bd66277b5a170fa6b3620N.exe
2432	97375e528c1bd66277b5a170fa6b3620N.exe
2808	97375e528c1bd66277b5a170fa6b3620N.exe
2828	97375e528c1bd66277b5a170fa6b3620N.exe
2560	97375e528c1bd66277b5a170fa6b3620N.exe
2676	97375e528c1bd66277b5a170fa6b3620N.exe
1868	97375e528c1bd66277b5a170fa6b3620N.exe
2164	97375e528c1bd66277b5a170fa6b3620N.exe
2944	97375e528c1bd66277b5a170fa6b3620N.exe
1732	97375e528c1bd66277b5a170fa6b3620N.exe
2876	97375e528c1bd66277b5a170fa6b3620N.exe
2108	97375e528c1bd66277b5a170fa6b3620N.exe
756	97375e528c1bd66277b5a170fa6b3620N.exe
2044	97375e528c1bd66277b5a170fa6b3620N.exe
2476	97375e528c1bd66277b5a170fa6b3620N.exe
576	97375e528c1bd66277b5a170fa6b3620N.exe
448	97375e528c1bd66277b5a170fa6b3620N.exe
2096	97375e528c1bd66277b5a170fa6b3620N.exe
1232	97375e528c1bd66277b5a170fa6b3620N.exe
2668	97375e528c1bd66277b5a170fa6b3620N.exe
2432	97375e528c1bd66277b5a170fa6b3620N.exe
2020	97375e528c1bd66277b5a170fa6b3620N.exe
2808	97375e528c1bd66277b5a170fa6b3620N.exe
2828	97375e528c1bd66277b5a170fa6b3620N.exe
1868	97375e528c1bd66277b5a170fa6b3620N.exe
2396	97375e528c1bd66277b5a170fa6b3620N.exe
1732	97375e528c1bd66277b5a170fa6b3620N.exe
2676	97375e528c1bd66277b5a170fa6b3620N.exe
2376	97375e528c1bd66277b5a170fa6b3620N.exe
2560	97375e528c1bd66277b5a170fa6b3620N.exe
2380	97375e528c1bd66277b5a170fa6b3620N.exe
2384	97375e528c1bd66277b5a170fa6b3620N.exe
2876	97375e528c1bd66277b5a170fa6b3620N.exe
2164	97375e528c1bd66277b5a170fa6b3620N.exe
2352	97375e528c1bd66277b5a170fa6b3620N.exe
1776	97375e528c1bd66277b5a170fa6b3620N.exe
1140	97375e528c1bd66277b5a170fa6b3620N.exe
1140	97375e528c1bd66277b5a170fa6b3620N.exe
2536	97375e528c1bd66277b5a170fa6b3620N.exe
2536	97375e528c1bd66277b5a170fa6b3620N.exe
2476	97375e528c1bd66277b5a170fa6b3620N.exe
2476	97375e528c1bd66277b5a170fa6b3620N.exe
756	97375e528c1bd66277b5a170fa6b3620N.exe
756	97375e528c1bd66277b5a170fa6b3620N.exe
2944	97375e528c1bd66277b5a170fa6b3620N.exe
2944	97375e528c1bd66277b5a170fa6b3620N.exe
1964	97375e528c1bd66277b5a170fa6b3620N.exe
1964	97375e528c1bd66277b5a170fa6b3620N.exe
1896	97375e528c1bd66277b5a170fa6b3620N.exe
1896	97375e528c1bd66277b5a170fa6b3620N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 448 wrote to memory of 2876	448	97375e528c1bd66277b5a170fa6b3620N.exe	29
PID 448 wrote to memory of 2876	448	97375e528c1bd66277b5a170fa6b3620N.exe	29
PID 448 wrote to memory of 2876	448	97375e528c1bd66277b5a170fa6b3620N.exe	29
PID 448 wrote to memory of 2876	448	97375e528c1bd66277b5a170fa6b3620N.exe	29
PID 2876 wrote to memory of 2164	2876	97375e528c1bd66277b5a170fa6b3620N.exe	30
PID 2876 wrote to memory of 2164	2876	97375e528c1bd66277b5a170fa6b3620N.exe	30
PID 2876 wrote to memory of 2164	2876	97375e528c1bd66277b5a170fa6b3620N.exe	30
PID 2876 wrote to memory of 2164	2876	97375e528c1bd66277b5a170fa6b3620N.exe	30
PID 448 wrote to memory of 756	448	97375e528c1bd66277b5a170fa6b3620N.exe	31
PID 448 wrote to memory of 756	448	97375e528c1bd66277b5a170fa6b3620N.exe	31
PID 448 wrote to memory of 756	448	97375e528c1bd66277b5a170fa6b3620N.exe	31
PID 448 wrote to memory of 756	448	97375e528c1bd66277b5a170fa6b3620N.exe	31
PID 2164 wrote to memory of 2808	2164	97375e528c1bd66277b5a170fa6b3620N.exe	32
PID 2164 wrote to memory of 2808	2164	97375e528c1bd66277b5a170fa6b3620N.exe	32
PID 2164 wrote to memory of 2808	2164	97375e528c1bd66277b5a170fa6b3620N.exe	32
PID 2164 wrote to memory of 2808	2164	97375e528c1bd66277b5a170fa6b3620N.exe	32
PID 2876 wrote to memory of 1868	2876	97375e528c1bd66277b5a170fa6b3620N.exe	33
PID 2876 wrote to memory of 1868	2876	97375e528c1bd66277b5a170fa6b3620N.exe	33
PID 2876 wrote to memory of 1868	2876	97375e528c1bd66277b5a170fa6b3620N.exe	33
PID 2876 wrote to memory of 1868	2876	97375e528c1bd66277b5a170fa6b3620N.exe	33
PID 756 wrote to memory of 1732	756	97375e528c1bd66277b5a170fa6b3620N.exe	34
PID 756 wrote to memory of 1732	756	97375e528c1bd66277b5a170fa6b3620N.exe	34
PID 756 wrote to memory of 1732	756	97375e528c1bd66277b5a170fa6b3620N.exe	34
PID 756 wrote to memory of 1732	756	97375e528c1bd66277b5a170fa6b3620N.exe	34
PID 448 wrote to memory of 2476	448	97375e528c1bd66277b5a170fa6b3620N.exe	35
PID 448 wrote to memory of 2476	448	97375e528c1bd66277b5a170fa6b3620N.exe	35
PID 448 wrote to memory of 2476	448	97375e528c1bd66277b5a170fa6b3620N.exe	35
PID 448 wrote to memory of 2476	448	97375e528c1bd66277b5a170fa6b3620N.exe	35
PID 2808 wrote to memory of 2432	2808	97375e528c1bd66277b5a170fa6b3620N.exe	36
PID 2808 wrote to memory of 2432	2808	97375e528c1bd66277b5a170fa6b3620N.exe	36
PID 2808 wrote to memory of 2432	2808	97375e528c1bd66277b5a170fa6b3620N.exe	36
PID 2808 wrote to memory of 2432	2808	97375e528c1bd66277b5a170fa6b3620N.exe	36
PID 2164 wrote to memory of 2828	2164	97375e528c1bd66277b5a170fa6b3620N.exe	37
PID 2164 wrote to memory of 2828	2164	97375e528c1bd66277b5a170fa6b3620N.exe	37
PID 2164 wrote to memory of 2828	2164	97375e528c1bd66277b5a170fa6b3620N.exe	37
PID 2164 wrote to memory of 2828	2164	97375e528c1bd66277b5a170fa6b3620N.exe	37
PID 1868 wrote to memory of 2560	1868	97375e528c1bd66277b5a170fa6b3620N.exe	38
PID 1868 wrote to memory of 2560	1868	97375e528c1bd66277b5a170fa6b3620N.exe	38
PID 1868 wrote to memory of 2560	1868	97375e528c1bd66277b5a170fa6b3620N.exe	38
PID 1868 wrote to memory of 2560	1868	97375e528c1bd66277b5a170fa6b3620N.exe	38
PID 1732 wrote to memory of 2676	1732	97375e528c1bd66277b5a170fa6b3620N.exe	39
PID 1732 wrote to memory of 2676	1732	97375e528c1bd66277b5a170fa6b3620N.exe	39
PID 1732 wrote to memory of 2676	1732	97375e528c1bd66277b5a170fa6b3620N.exe	39
PID 1732 wrote to memory of 2676	1732	97375e528c1bd66277b5a170fa6b3620N.exe	39
PID 2876 wrote to memory of 2944	2876	97375e528c1bd66277b5a170fa6b3620N.exe	40
PID 2876 wrote to memory of 2944	2876	97375e528c1bd66277b5a170fa6b3620N.exe	40
PID 2876 wrote to memory of 2944	2876	97375e528c1bd66277b5a170fa6b3620N.exe	40
PID 2876 wrote to memory of 2944	2876	97375e528c1bd66277b5a170fa6b3620N.exe	40
PID 756 wrote to memory of 2108	756	97375e528c1bd66277b5a170fa6b3620N.exe	41
PID 756 wrote to memory of 2108	756	97375e528c1bd66277b5a170fa6b3620N.exe	41
PID 756 wrote to memory of 2108	756	97375e528c1bd66277b5a170fa6b3620N.exe	41
PID 756 wrote to memory of 2108	756	97375e528c1bd66277b5a170fa6b3620N.exe	41
PID 448 wrote to memory of 576	448	97375e528c1bd66277b5a170fa6b3620N.exe	42
PID 448 wrote to memory of 576	448	97375e528c1bd66277b5a170fa6b3620N.exe	42
PID 448 wrote to memory of 576	448	97375e528c1bd66277b5a170fa6b3620N.exe	42
PID 448 wrote to memory of 576	448	97375e528c1bd66277b5a170fa6b3620N.exe	42
PID 2476 wrote to memory of 2044	2476	97375e528c1bd66277b5a170fa6b3620N.exe	43
PID 2476 wrote to memory of 2044	2476	97375e528c1bd66277b5a170fa6b3620N.exe	43
PID 2476 wrote to memory of 2044	2476	97375e528c1bd66277b5a170fa6b3620N.exe	43
PID 2476 wrote to memory of 2044	2476	97375e528c1bd66277b5a170fa6b3620N.exe	43
PID 2432 wrote to memory of 2096	2432	97375e528c1bd66277b5a170fa6b3620N.exe	44
PID 2432 wrote to memory of 2096	2432	97375e528c1bd66277b5a170fa6b3620N.exe	44
PID 2432 wrote to memory of 2096	2432	97375e528c1bd66277b5a170fa6b3620N.exe	44
PID 2432 wrote to memory of 2096	2432	97375e528c1bd66277b5a170fa6b3620N.exe	44

C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
"C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:448
- C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
  "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2876
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        10⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        10⤵
        
        PID:20520
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:20652
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:16248
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:20576
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:18328
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:20700
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1232
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:20528
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:18308
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:15812
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:20496
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:21472
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:720
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:15772
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10612
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:19752
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:15636
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:17796
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:15828
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:12724
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:20692
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:19656
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10084
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:20060
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:16676
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:14632
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:16216
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:18360
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:10604
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:18292
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10988
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:16500
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:10548
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:12420
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:10512
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:16932
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:15620
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:12272
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11292
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:15844
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:20708
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:15416
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:12652
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:20512
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:14840
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:16200
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:16260
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:20828
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:15820
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:21356
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:20504
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:10540
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:744
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:12660
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:16208
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:15424
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:10296
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:19640
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:740
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:10996
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:11164
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:12032
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:11724
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:15628
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:9524
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:660
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:21372
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:15796
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:12212
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11488
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:16816
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:12600
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:12168
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:10196
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:15376
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:20660
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:21496
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:18216
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11204
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:15860
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:10504
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:12044
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11684
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:21348
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:15612
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:17428
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:10744
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:10352
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:11384
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:8360
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:18300
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:16312
- C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
  "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:756
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        9⤵
        
        PID:20836
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:17864
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10168
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:21480
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:11864
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:17880
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:15748
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10932
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10672
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:20568
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:12852
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:12316
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        8⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:11100
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:20488
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:12836
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:10448
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:10060
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:18208
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:16360
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:15208
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:10808
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:21204
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:21196
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:15668
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:10768
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:11584
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:16444
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:11960
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:15868
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:12332
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:10832
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:10072
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:20812
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11448
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11708
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:11068
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:10656
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:20536
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:12016
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:13148
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:15788
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:11020
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:4160
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:20544
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:13052
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:9212
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:15400
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:16344
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:13232
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:10792
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:11904
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:12668
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:8376
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:17788
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:16376
- C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
  "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2476
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:21488
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:16824
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10848
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        7⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:15764
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:12480
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11228
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:836
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:20584
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11412
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:20888
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:16368
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11824
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11800
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:11832
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:11060
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:11916
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:20560
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:12716
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11340
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:20008
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:12844
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11676
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:10632
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:11588
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:20616
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11400
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:9348
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:20640
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:16392
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:16192
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:10864
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:9952
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:11848
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:8368
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:17780
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:16352
- C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
  "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:576
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:10728
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:17004
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        6⤵
        
        PID:18320
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:15900
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:16176
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:11180
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:11788
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:10224
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:20592
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:11896
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:20684
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:10700
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:11548
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:16184
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:11076
- C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
  "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1964
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:16684
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:10372
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:11636
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:20552
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:16320
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:15716
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:11132
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:11496
- C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
  "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
  2⤵
  PID:2592
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:9300
    - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
        5⤵
        
        PID:20820
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:15248
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:21364
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:10556
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:10108
- C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
  "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
  2⤵
  PID:4360
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:7936
  - - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
      "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
      4⤵
      PID:5080
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:15804
- C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
  "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
  2⤵
  PID:6268
- - C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
    3⤵
    PID:16160
- C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
  "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
  2⤵
  PID:10324
- C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe
  "C:\Users\Admin\AppData\Local\Temp\97375e528c1bd66277b5a170fa6b3620N.exe"
  2⤵
  PID:20624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\italian porn lingerie hidden feet .zip.exe

Filesize
640KB

MD5
85a6a4369778a51c5cc4969c01bd372d

SHA1
72cec278e7eb347f642d7ade8b29df38b9a71cf9

SHA256
ea1e592e180d1760992c7a338aa1d9783c45f89076ef52c4c6c2d6b7b537e88e

SHA512
f1cf05f02695b08473da4d1ec625fa10eb36b9a958ead4531cc76c8cd33d4cd07b1d2a770e3eac698c6e0785520899461dc60719b13c012dce9362aaf91cd6a6

Download Submit
C:\debug.txt

Filesize
183B

MD5
9117f88e423802736bbe6ef83229f4d5

SHA1
8e7b93dff9f4eaff1967c04793ead61a310bca32

SHA256
eebc3e4145b43f022d38d487dd059cefc3fe0a7e7f586b7a8d2a06d2353cf915

SHA512
4a8053500939cc512c41fdf769c7ecfb5caa9f42e52cd453c8912121305ca35e390c6846ea17c65fefd0bb2d2e498cc95e1dfe3c0e2d6a92fdc310995575e924

Download Submit