18f78a9b4f8bd635345cea1e9737ad916903a1710dd901fafa117e19b3f59b95

Analysis

max time kernel
16s
max time network
83s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 10:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab3d97e81ba84836d7a764a1f9cee210N.exe
Size

1.9MB
MD5

ab3d97e81ba84836d7a764a1f9cee210
SHA1

3b4926a092731a4db30d664e93fba3ab26e388a1
SHA256

18f78a9b4f8bd635345cea1e9737ad916903a1710dd901fafa117e19b3f59b95
SHA512

b674cc46fa2f04c55999cde7661a537ee99896c6fd51ee3d339b2e7c37c93bb26d9ec5616e843886543b7735deeddf6eb757624681a97c62827aadb9beb777d6
SSDEEP

24576:86oSB4FgwHOTMyLPC9kbDrr6nwfXKBbpUzv9RTU1Xye4T+rs8Cq7eeJDTLIcdg4W:5OFgPjC2n6wPMKaXy1EX/Icl+0ECT260

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	ab3d97e81ba84836d7a764a1f9cee210N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\X:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\Y:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\T:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\V:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\E:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\H:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\J:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\K:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\M:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\N:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\W:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\U:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\A:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\I:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\L:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\O:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\P:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\S:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\G:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\Q:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\R:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\Z:	ab3d97e81ba84836d7a764a1f9cee210N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\italian fetish lingerie public hairy .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\trambling [milf] titts stockings .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SysWOW64\IME\shared\lingerie licking young .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish cum gay [bangbus] .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\System32\DriverStore\Temp\italian beastiality xxx big feet (Christine,Karin).zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SysWOW64\IME\shared\xxx big titts mature (Sarah).mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\danish kicking horse big titts (Kathrin,Jade).mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\american horse lingerie [milf] .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SysWOW64\FxsTmp\cumshot beast lesbian leather .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SysWOW64\FxsTmp\bukkake [bangbus] hole (Anniston,Tatjana).mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\swedish horse beast hidden (Jade).mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\tyrkish cum lingerie public titts ejaculation (Melissa).avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\xxx [bangbus] sm .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\american horse trambling voyeur boots .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\trambling masturbation hole latex (Jade).mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\gay licking (Tatjana).mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\trambling lesbian titts young (Curtney).rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\fucking several models upskirt .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\beast full movie ash .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files\Windows Journal\Templates\russian animal fucking licking (Jade).mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\beast masturbation feet (Ashley,Janette).zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\tyrkish action sperm [milf] feet balls .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\black cumshot bukkake voyeur cock lady .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files\DVD Maker\Shared\danish beastiality xxx public (Samantha).mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files (x86)\Google\Update\Download\indian action blowjob girls feet penetration (Karin).mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\horse full movie titts .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\french lesbian [free] hole latex .rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\gay hidden .rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish porn lingerie hidden hole ash (Janette).avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\norwegian bukkake uncut granny .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\norwegian fucking [bangbus] cock .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\german beast hot (!) titts latex .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\german xxx masturbation blondie (Kathrin,Curtney).mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\malaysia fucking public feet pregnant .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\malaysia trambling public cock (Kathrin,Melissa).zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\fucking voyeur glans (Sonja,Tatjana).rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\sperm several models .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\russian handjob blowjob catfight black hairunshaved .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\security\templates\blowjob uncut granny .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\black cumshot blowjob [milf] traffic .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\indian animal bukkake [bangbus] stockings (Britney,Liz).avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\horse lesbian .rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\tyrkish fetish sperm several models bedroom .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\american cum trambling hot (!) glans granny (Sylvia).rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\blowjob [bangbus] hole black hairunshaved (Sarah).avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian fetish hardcore masturbation cock (Sonja,Jade).zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\trambling several models glans fishy .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\tyrkish nude blowjob public pregnant .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\indian horse beast lesbian shower .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\nude hardcore hot (!) .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\american cum beast full movie (Curtney).mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\sperm licking (Curtney).mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\russian animal beast big balls .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\fucking catfight glans .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\lesbian hidden glans .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\fucking masturbation traffic .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\japanese action hardcore catfight sweet .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\black animal fucking hot (!) .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\nude hardcore sleeping hole .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\canadian lesbian big .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\Downloaded Program Files\lingerie big stockings .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\beast girls .rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\black cum sperm hidden (Karin).zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\spanish beast [milf] boots .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\blowjob big cock 40+ (Liz).zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\lingerie licking titts ¼ç (Janette).zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\danish action horse [milf] pregnant .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\fetish xxx licking hotel (Jenna,Janette).avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\american fetish bukkake [milf] black hairunshaved (Christine,Jade).zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\russian cum xxx [bangbus] cock .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\fucking voyeur granny .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\chinese lingerie voyeur hole (Kathrin,Liz).zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\brasilian cumshot horse licking .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\hardcore [free] .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\assembly\tmp\lingerie [milf] (Samantha).avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\french horse lesbian hole upskirt .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\mssrv.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\animal blowjob [free] mature (Gina,Melissa).avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\swedish gang bang lesbian girls hole .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\malaysia fucking public sweet .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\canadian fucking uncut .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\fetish gay big glans .rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\horse public titts .rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\assembly\temp\black beastiality bukkake several models .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\handjob lingerie big glans balls (Liz).avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\fetish hardcore uncut hotel .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\british beast public 50+ .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\fetish trambling girls cock sm .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\american animal lesbian catfight .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1596	ab3d97e81ba84836d7a764a1f9cee210N.exe
2160	ab3d97e81ba84836d7a764a1f9cee210N.exe
1596	ab3d97e81ba84836d7a764a1f9cee210N.exe
2852	ab3d97e81ba84836d7a764a1f9cee210N.exe
2640	ab3d97e81ba84836d7a764a1f9cee210N.exe
2160	ab3d97e81ba84836d7a764a1f9cee210N.exe
1596	ab3d97e81ba84836d7a764a1f9cee210N.exe
2764	ab3d97e81ba84836d7a764a1f9cee210N.exe
2852	ab3d97e81ba84836d7a764a1f9cee210N.exe
2576	ab3d97e81ba84836d7a764a1f9cee210N.exe
1648	ab3d97e81ba84836d7a764a1f9cee210N.exe
1068	ab3d97e81ba84836d7a764a1f9cee210N.exe
2640	ab3d97e81ba84836d7a764a1f9cee210N.exe
2160	ab3d97e81ba84836d7a764a1f9cee210N.exe
1596	ab3d97e81ba84836d7a764a1f9cee210N.exe
2832	ab3d97e81ba84836d7a764a1f9cee210N.exe
2460	ab3d97e81ba84836d7a764a1f9cee210N.exe
2764	ab3d97e81ba84836d7a764a1f9cee210N.exe
2200	ab3d97e81ba84836d7a764a1f9cee210N.exe
2852	ab3d97e81ba84836d7a764a1f9cee210N.exe
2892	ab3d97e81ba84836d7a764a1f9cee210N.exe
1648	ab3d97e81ba84836d7a764a1f9cee210N.exe
2824	ab3d97e81ba84836d7a764a1f9cee210N.exe
2576	ab3d97e81ba84836d7a764a1f9cee210N.exe
2828	ab3d97e81ba84836d7a764a1f9cee210N.exe
1596	ab3d97e81ba84836d7a764a1f9cee210N.exe
2896	ab3d97e81ba84836d7a764a1f9cee210N.exe
2816	ab3d97e81ba84836d7a764a1f9cee210N.exe
2640	ab3d97e81ba84836d7a764a1f9cee210N.exe
1068	ab3d97e81ba84836d7a764a1f9cee210N.exe
2160	ab3d97e81ba84836d7a764a1f9cee210N.exe
2132	ab3d97e81ba84836d7a764a1f9cee210N.exe
2984	ab3d97e81ba84836d7a764a1f9cee210N.exe
2832	ab3d97e81ba84836d7a764a1f9cee210N.exe
2376	ab3d97e81ba84836d7a764a1f9cee210N.exe
2764	ab3d97e81ba84836d7a764a1f9cee210N.exe
884	ab3d97e81ba84836d7a764a1f9cee210N.exe
1236	ab3d97e81ba84836d7a764a1f9cee210N.exe
2460	ab3d97e81ba84836d7a764a1f9cee210N.exe
2852	ab3d97e81ba84836d7a764a1f9cee210N.exe
2200	ab3d97e81ba84836d7a764a1f9cee210N.exe
2248	ab3d97e81ba84836d7a764a1f9cee210N.exe
2596	ab3d97e81ba84836d7a764a1f9cee210N.exe
2892	ab3d97e81ba84836d7a764a1f9cee210N.exe
2892	ab3d97e81ba84836d7a764a1f9cee210N.exe
3008	ab3d97e81ba84836d7a764a1f9cee210N.exe
3008	ab3d97e81ba84836d7a764a1f9cee210N.exe
1648	ab3d97e81ba84836d7a764a1f9cee210N.exe
1648	ab3d97e81ba84836d7a764a1f9cee210N.exe
1596	ab3d97e81ba84836d7a764a1f9cee210N.exe
1596	ab3d97e81ba84836d7a764a1f9cee210N.exe
2168	ab3d97e81ba84836d7a764a1f9cee210N.exe
2168	ab3d97e81ba84836d7a764a1f9cee210N.exe
1888	ab3d97e81ba84836d7a764a1f9cee210N.exe
1888	ab3d97e81ba84836d7a764a1f9cee210N.exe
2276	ab3d97e81ba84836d7a764a1f9cee210N.exe
2276	ab3d97e81ba84836d7a764a1f9cee210N.exe
2576	ab3d97e81ba84836d7a764a1f9cee210N.exe
2576	ab3d97e81ba84836d7a764a1f9cee210N.exe
1196	ab3d97e81ba84836d7a764a1f9cee210N.exe
1196	ab3d97e81ba84836d7a764a1f9cee210N.exe
912	ab3d97e81ba84836d7a764a1f9cee210N.exe
912	ab3d97e81ba84836d7a764a1f9cee210N.exe
2044	ab3d97e81ba84836d7a764a1f9cee210N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 2160	1596	ab3d97e81ba84836d7a764a1f9cee210N.exe	29
PID 1596 wrote to memory of 2160	1596	ab3d97e81ba84836d7a764a1f9cee210N.exe	29
PID 1596 wrote to memory of 2160	1596	ab3d97e81ba84836d7a764a1f9cee210N.exe	29
PID 1596 wrote to memory of 2160	1596	ab3d97e81ba84836d7a764a1f9cee210N.exe	29
PID 2160 wrote to memory of 2852	2160	ab3d97e81ba84836d7a764a1f9cee210N.exe	30
PID 2160 wrote to memory of 2852	2160	ab3d97e81ba84836d7a764a1f9cee210N.exe	30
PID 2160 wrote to memory of 2852	2160	ab3d97e81ba84836d7a764a1f9cee210N.exe	30
PID 2160 wrote to memory of 2852	2160	ab3d97e81ba84836d7a764a1f9cee210N.exe	30
PID 1596 wrote to memory of 2640	1596	ab3d97e81ba84836d7a764a1f9cee210N.exe	31
PID 1596 wrote to memory of 2640	1596	ab3d97e81ba84836d7a764a1f9cee210N.exe	31
PID 1596 wrote to memory of 2640	1596	ab3d97e81ba84836d7a764a1f9cee210N.exe	31
PID 1596 wrote to memory of 2640	1596	ab3d97e81ba84836d7a764a1f9cee210N.exe	31
PID 2852 wrote to memory of 2764	2852	ab3d97e81ba84836d7a764a1f9cee210N.exe	32
PID 2852 wrote to memory of 2764	2852	ab3d97e81ba84836d7a764a1f9cee210N.exe	32
PID 2852 wrote to memory of 2764	2852	ab3d97e81ba84836d7a764a1f9cee210N.exe	32
PID 2852 wrote to memory of 2764	2852	ab3d97e81ba84836d7a764a1f9cee210N.exe	32
PID 2640 wrote to memory of 2576	2640	ab3d97e81ba84836d7a764a1f9cee210N.exe	33
PID 2640 wrote to memory of 2576	2640	ab3d97e81ba84836d7a764a1f9cee210N.exe	33
PID 2640 wrote to memory of 2576	2640	ab3d97e81ba84836d7a764a1f9cee210N.exe	33
PID 2640 wrote to memory of 2576	2640	ab3d97e81ba84836d7a764a1f9cee210N.exe	33
PID 2160 wrote to memory of 1648	2160	ab3d97e81ba84836d7a764a1f9cee210N.exe	34
PID 2160 wrote to memory of 1648	2160	ab3d97e81ba84836d7a764a1f9cee210N.exe	34
PID 2160 wrote to memory of 1648	2160	ab3d97e81ba84836d7a764a1f9cee210N.exe	34
PID 2160 wrote to memory of 1648	2160	ab3d97e81ba84836d7a764a1f9cee210N.exe	34
PID 1596 wrote to memory of 1068	1596	ab3d97e81ba84836d7a764a1f9cee210N.exe	35
PID 1596 wrote to memory of 1068	1596	ab3d97e81ba84836d7a764a1f9cee210N.exe	35
PID 1596 wrote to memory of 1068	1596	ab3d97e81ba84836d7a764a1f9cee210N.exe	35
PID 1596 wrote to memory of 1068	1596	ab3d97e81ba84836d7a764a1f9cee210N.exe	35
PID 2764 wrote to memory of 2832	2764	ab3d97e81ba84836d7a764a1f9cee210N.exe	36
PID 2764 wrote to memory of 2832	2764	ab3d97e81ba84836d7a764a1f9cee210N.exe	36
PID 2764 wrote to memory of 2832	2764	ab3d97e81ba84836d7a764a1f9cee210N.exe	36
PID 2764 wrote to memory of 2832	2764	ab3d97e81ba84836d7a764a1f9cee210N.exe	36
PID 2852 wrote to memory of 2460	2852	ab3d97e81ba84836d7a764a1f9cee210N.exe	37
PID 2852 wrote to memory of 2460	2852	ab3d97e81ba84836d7a764a1f9cee210N.exe	37
PID 2852 wrote to memory of 2460	2852	ab3d97e81ba84836d7a764a1f9cee210N.exe	37
PID 2852 wrote to memory of 2460	2852	ab3d97e81ba84836d7a764a1f9cee210N.exe	37
PID 2576 wrote to memory of 2200	2576	ab3d97e81ba84836d7a764a1f9cee210N.exe	38
PID 2576 wrote to memory of 2200	2576	ab3d97e81ba84836d7a764a1f9cee210N.exe	38
PID 2576 wrote to memory of 2200	2576	ab3d97e81ba84836d7a764a1f9cee210N.exe	38
PID 2576 wrote to memory of 2200	2576	ab3d97e81ba84836d7a764a1f9cee210N.exe	38
PID 1648 wrote to memory of 2892	1648	ab3d97e81ba84836d7a764a1f9cee210N.exe	39
PID 1648 wrote to memory of 2892	1648	ab3d97e81ba84836d7a764a1f9cee210N.exe	39
PID 1648 wrote to memory of 2892	1648	ab3d97e81ba84836d7a764a1f9cee210N.exe	39
PID 1648 wrote to memory of 2892	1648	ab3d97e81ba84836d7a764a1f9cee210N.exe	39
PID 2640 wrote to memory of 2824	2640	ab3d97e81ba84836d7a764a1f9cee210N.exe	40
PID 2640 wrote to memory of 2824	2640	ab3d97e81ba84836d7a764a1f9cee210N.exe	40
PID 2640 wrote to memory of 2824	2640	ab3d97e81ba84836d7a764a1f9cee210N.exe	40
PID 2640 wrote to memory of 2824	2640	ab3d97e81ba84836d7a764a1f9cee210N.exe	40
PID 1596 wrote to memory of 2896	1596	ab3d97e81ba84836d7a764a1f9cee210N.exe	41
PID 1596 wrote to memory of 2896	1596	ab3d97e81ba84836d7a764a1f9cee210N.exe	41
PID 1596 wrote to memory of 2896	1596	ab3d97e81ba84836d7a764a1f9cee210N.exe	41
PID 1596 wrote to memory of 2896	1596	ab3d97e81ba84836d7a764a1f9cee210N.exe	41
PID 1068 wrote to memory of 2828	1068	ab3d97e81ba84836d7a764a1f9cee210N.exe	42
PID 1068 wrote to memory of 2828	1068	ab3d97e81ba84836d7a764a1f9cee210N.exe	42
PID 1068 wrote to memory of 2828	1068	ab3d97e81ba84836d7a764a1f9cee210N.exe	42
PID 1068 wrote to memory of 2828	1068	ab3d97e81ba84836d7a764a1f9cee210N.exe	42
PID 2160 wrote to memory of 2816	2160	ab3d97e81ba84836d7a764a1f9cee210N.exe	43
PID 2160 wrote to memory of 2816	2160	ab3d97e81ba84836d7a764a1f9cee210N.exe	43
PID 2160 wrote to memory of 2816	2160	ab3d97e81ba84836d7a764a1f9cee210N.exe	43
PID 2160 wrote to memory of 2816	2160	ab3d97e81ba84836d7a764a1f9cee210N.exe	43
PID 2832 wrote to memory of 2132	2832	ab3d97e81ba84836d7a764a1f9cee210N.exe	44
PID 2832 wrote to memory of 2132	2832	ab3d97e81ba84836d7a764a1f9cee210N.exe	44
PID 2832 wrote to memory of 2132	2832	ab3d97e81ba84836d7a764a1f9cee210N.exe	44
PID 2832 wrote to memory of 2132	2832	ab3d97e81ba84836d7a764a1f9cee210N.exe	44

C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
"C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1596
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2160
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        10⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        10⤵
        
        PID:17544
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        10⤵
        
        PID:27136
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:27348
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:27192
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:21944
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:27176
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:16076
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:26116
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:22476
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:27144
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:27272
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:21424
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:16024
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:26604
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:26960
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:16636
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:26396
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:26364
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:26952
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:27056
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:15648
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:18028
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:27320
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:23428
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:27072
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:15916
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:21464
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16364
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:26920
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:26268
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:27008
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:27032
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:8952
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:14736
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:27288
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:21692
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:13876
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:27304
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:21560
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14088
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:26292
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:16140
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:27264
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:21552
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:26936
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:22500
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:26096
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:15864
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:26356
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:18796
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:14064
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16380
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:26628
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:21180
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:17392
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:18036
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:26896
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16488
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:27256
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:24760
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:26904
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:16868
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:26444
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:15716
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:18052
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:14924
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:26436
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16372
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:21528
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14548
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:15776
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:26612
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16252
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9448
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16032
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:14704
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:27048
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:21576
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:24736
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:21260
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:9960
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:16524
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:9228
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:10408
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:21412
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:21108
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:16728
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:16116
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:22628
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:16324
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:10424
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:26852
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:18816
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:21116
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:16332
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:17400
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:27152
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:18788
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:15700
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:21328
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16516
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:27016
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:21704
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:1424
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:21144
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:26928
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:26308
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:22520
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:14028
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:22216
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16644
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:26984
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:21188
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:21728
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14056
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:27296
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:688
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:21484
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16156
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:26888
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:21676
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:9976
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:16700
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10416
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:27312
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:8380
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:15948
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:27240
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:26236
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:21684
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:24728
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:21404
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:15840
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16204
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:26944
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:21200
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:27040
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:21520
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14784
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:26324
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:27184
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:15888
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:26796
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16008
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:26844
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:15744
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10936
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:15880
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:26828
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:18772
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:9864
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:16260
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:11696
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:16044
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:21512
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:10564
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:16300
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:22620
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:10960
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:15800
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:11700
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:21448
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:9340
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:16180
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:10752
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2640
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:21308
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:16148
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:27208
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:18828
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:16776
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:26420
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:16804
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:27248
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:13892
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:26344
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:21492
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:26380
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:16540
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:26868
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:14260
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:26428
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:22636
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16220
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:26388
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16508
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:27088
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:26636
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:25952
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:15028
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:26088
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:21500
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:10916
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:15932
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:24368
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:10968
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:27232
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:15692
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:27224
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:21472
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:21380
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10596
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:16316
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:26836
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:18764
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:9188
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:15940
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:12636
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:21584
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:26976
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:27080
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:26820
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:21432
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:27200
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16688
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:27000
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:26068
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:22232
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:15728
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:22492
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:16660
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:15824
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:24720
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10872
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:15676
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:21296
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14040
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:16400
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:18044
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:27160
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:15832
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:26644
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:9460
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:16560
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:27024
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:11216
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:16500
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:21388
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:14220
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:23540
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:18728
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:8764
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:15816
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:26804
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1068
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:22484
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:22508
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:14864
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:24828
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:21288
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:22260
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16108
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14176
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:23548
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:21648
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14892
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:21012
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:16796
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:15808
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:27168
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:11208
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:21152
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:27280
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:21536
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:16672
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:27216
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:26992
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:24744
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:21396
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:9880
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:16212
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:14072
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:16424
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:21544
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:9588
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:16236
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:26812
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2896
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:15924
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:26912
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:21440
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:27328
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:18804
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:10016
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:16628
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:26968
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:9920
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:16652
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:21276
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:14192
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:23532
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:22224
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:14912
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:26860
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:16860
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:26372
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:9840
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:16292
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:408
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:156
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:21736
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14964
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:24752
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:16848
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:26404
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:9680
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:16096
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:26620
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:16880
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:26412
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:9968
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:16716
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:9928
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:16584
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:7568
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:21316
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:14252
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:26316
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  PID:1728
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:14148
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:26300
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:18020
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:9856
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:16268
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  PID:3940
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:21928
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:10900
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:15904
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:26452
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  PID:5476
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:10520
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:16228
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:26880
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  PID:8364
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  PID:15708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\xxx [bangbus] sm .mpg.exe

Filesize
170KB

MD5
a1d9f8d01a0a073c8e33feab9a6dfb7e

SHA1
1cc4dfee26716fc27510abe539f6de7e6dd0be42

SHA256
17ac5c79a39e4a7f7521d3abfd2e21da77c886815863cab328ed7e94feaf89c2

SHA512
3a04cf76dc26655dd933c56c1abd4f5757dddebc28caa74d41dad77cf5b493a586bf9a7f302abee0cd1ed467c154f424aa194fa2c6e79e940e526b568ce567e3

Download Submit
C:\debug.txt

Filesize
183B

MD5
c8deb85fb061d276f9368e7604f2797d

SHA1
4084d037e64f644bd6c6cbdd20329019aee38f7d

SHA256
ae6b18e2c2d6620495a4de9369815efe2897c83f276cf57ccd294cebabbad0f4

SHA512
3b64c9cb8cf2b6b2add8d6059f5b75ab168263f3c71fe953562ab6872e47ceb9a58776a0a2860926bbe0c9ba60f72804b34d34b5c05d9ad9c9f44829984716f3

Download Submit