5a2095dfbbdc5d55252ff4efb7b4cf3c1e8154daeae17502de9563702ac82613

Analysis

max time kernel
30s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8b866f1f1b378c28747990430c9da20N.exe
Size

1.2MB
MD5

b8b866f1f1b378c28747990430c9da20
SHA1

e553dd4e70db5253561e2d27ca0c68b692611d64
SHA256

5a2095dfbbdc5d55252ff4efb7b4cf3c1e8154daeae17502de9563702ac82613
SHA512

3b8d35fc08809f7d2f40dfcc7c045db3fd809e0578ab81b86b0527188ba989a0396b3bd8bdccab6bb20d8ba3e31cc85989ed0d53a43395e411336418e1c21439
SSDEEP

24576:C2KfL99qHBLE2l6PeI5ZbHNWnydk+E6rv2JVw3KPargM70dPuimz:C2wLaHue6mIHwn+Ei82KLo0dOz

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	b8b866f1f1b378c28747990430c9da20N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\B:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\K:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\L:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\R:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\S:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\U:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\E:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\M:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\P:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\V:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\Y:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\G:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\J:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\O:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\W:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\X:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\Z:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\H:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\I:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\N:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\Q:	b8b866f1f1b378c28747990430c9da20N.exe
File opened (read-only)	\??\T:	b8b866f1f1b378c28747990430c9da20N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\horse voyeur stockings .mpg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\SysWOW64\IME\shared\chinese kicking hardcore uncut glans bondage (Samantha,Kathrin).zip.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\gay big boots (Liz,Melissa).rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\SysWOW64\IME\shared\beastiality porn uncut Ôë .rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish fucking voyeur feet hotel (Melissa,Sonja).zip.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\cum lesbian voyeur bedroom .mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\fucking girls .rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\SysWOW64\FxsTmp\nude action voyeur penetration .avi.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\canadian beastiality hidden high heels .avi.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\porn handjob big 50+ .rar.exe	b8b866f1f1b378c28747990430c9da20N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\german hardcore animal several models (Sonja,Kathrin).mpg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\black horse fucking [milf] (Gina).mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\danish kicking animal big swallow .rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\gay blowjob uncut young .rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Program Files\DVD Maker\Shared\fetish gang bang several models blondie .zip.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Program Files\Windows Journal\Templates\italian cum girls sweet .mpg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Program Files (x86)\Google\Update\Download\chinese gang bang public shower (Anniston,Anniston).mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\american hardcore full movie hole .mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\danish cumshot trambling voyeur hairy (Curtney).mpg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\trambling beast full movie (Ashley).rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\american porn fucking masturbation femdom (Janette,Sonja).zip.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Program Files (x86)\Google\Temp\japanese hardcore hidden sm .mpg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\japanese cumshot nude girls .mpg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\hardcore kicking lesbian glans granny .rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\trambling uncut .mpg.exe	b8b866f1f1b378c28747990430c9da20N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\horse action full movie sm .mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\sperm beastiality uncut stockings (Sonja).mpg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\action [milf] (Ashley).avi.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\beast several models latex .avi.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\porn action masturbation fishy .mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\indian beast porn hidden granny (Sylvia,Melissa).rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\american kicking bukkake full movie bedroom .mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\lesbian sperm hidden (Samantha).mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\chinese hardcore hidden ash lady .zip.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\german handjob trambling uncut black hairunshaved .mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\danish hardcore [bangbus] castration .mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\animal [milf] .mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\horse girls (Christine).rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\italian fucking trambling lesbian .zip.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\animal xxx full movie black hairunshaved (Sylvia,Sonja).mpg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\chinese horse big lady .mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\chinese kicking several models titts shower .mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\malaysia lesbian full movie girly (Sonja,Jade).mpg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\trambling gay voyeur feet (Gina).avi.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\kicking catfight hole (Karin).rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\brasilian fucking lesbian lesbian (Tatjana).zip.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\spanish handjob hidden wifey (Anniston,Britney).mpg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\russian cumshot sleeping stockings .avi.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\norwegian gang bang voyeur (Melissa,Christine).zip.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\assembly\tmp\british lingerie voyeur vagina pregnant .zip.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\lingerie girls lady .avi.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\italian nude girls high heels .rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\spanish cumshot sleeping hotel .mpg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\chinese kicking hidden 40+ (Tatjana,Kathrin).mpg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\hardcore lesbian (Ashley,Jenna).avi.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\japanese beastiality gay [bangbus] beautyfull .zip.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\canadian hardcore beast uncut .mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\indian horse uncut (Tatjana).avi.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\malaysia lesbian kicking full movie mature .zip.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\hardcore girls legs 50+ .rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\sperm licking ¼ç .zip.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\xxx lesbian stockings .avi.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\tyrkish beast voyeur fishy .rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\american xxx lingerie uncut .mpg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\british beast handjob several models .mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\beast trambling [milf] glans .rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\sperm several models nipples balls (Gina).rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\horse xxx catfight swallow .mpg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\french blowjob [milf] beautyfull .avi.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\tyrkish lesbian handjob masturbation boots .mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\danish fucking blowjob masturbation ash bondage .rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\black lingerie lesbian catfight blondie .avi.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\african cumshot hot (!) high heels (Jenna,Samantha).avi.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\nude [free] .mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\canadian cumshot sperm catfight 40+ (Sonja).mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\italian hardcore hidden hole blondie (Jenna,Sylvia).rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\beast fetish uncut traffic .zip.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\xxx masturbation latex .zip.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\cum cum uncut girly .avi.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\french action horse voyeur nipples .rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\security\templates\german action cum catfight .avi.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\british kicking public shoes .zip.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\tyrkish bukkake [milf] femdom .rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\nude bukkake girls ìï (Sonja,Kathrin).mpeg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\african beast girls castration (Britney,Ashley).mpg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\horse catfight (Jenna).mpg.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\tyrkish bukkake fetish hidden glans (Christine,Kathrin).rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\japanese porn beast masturbation 50+ .rar.exe	b8b866f1f1b378c28747990430c9da20N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\beast several models (Tatjana,Melissa).zip.exe	b8b866f1f1b378c28747990430c9da20N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4832	2660	WerFault.exe	29

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2660	b8b866f1f1b378c28747990430c9da20N.exe
3060	b8b866f1f1b378c28747990430c9da20N.exe
2660	b8b866f1f1b378c28747990430c9da20N.exe
448	b8b866f1f1b378c28747990430c9da20N.exe
1944	b8b866f1f1b378c28747990430c9da20N.exe
3060	b8b866f1f1b378c28747990430c9da20N.exe
2660	b8b866f1f1b378c28747990430c9da20N.exe
1640	b8b866f1f1b378c28747990430c9da20N.exe
1040	b8b866f1f1b378c28747990430c9da20N.exe
1208	b8b866f1f1b378c28747990430c9da20N.exe
2400	b8b866f1f1b378c28747990430c9da20N.exe
448	b8b866f1f1b378c28747990430c9da20N.exe
1944	b8b866f1f1b378c28747990430c9da20N.exe
3060	b8b866f1f1b378c28747990430c9da20N.exe
2660	b8b866f1f1b378c28747990430c9da20N.exe
2864	b8b866f1f1b378c28747990430c9da20N.exe
2884	b8b866f1f1b378c28747990430c9da20N.exe
1992	b8b866f1f1b378c28747990430c9da20N.exe
1040	b8b866f1f1b378c28747990430c9da20N.exe
1640	b8b866f1f1b378c28747990430c9da20N.exe
1980	b8b866f1f1b378c28747990430c9da20N.exe
1788	b8b866f1f1b378c28747990430c9da20N.exe
1476	b8b866f1f1b378c28747990430c9da20N.exe
2452	b8b866f1f1b378c28747990430c9da20N.exe
1208	b8b866f1f1b378c28747990430c9da20N.exe
2164	b8b866f1f1b378c28747990430c9da20N.exe
448	b8b866f1f1b378c28747990430c9da20N.exe
2660	b8b866f1f1b378c28747990430c9da20N.exe
2400	b8b866f1f1b378c28747990430c9da20N.exe
3060	b8b866f1f1b378c28747990430c9da20N.exe
1944	b8b866f1f1b378c28747990430c9da20N.exe
2388	b8b866f1f1b378c28747990430c9da20N.exe
2188	b8b866f1f1b378c28747990430c9da20N.exe
2176	b8b866f1f1b378c28747990430c9da20N.exe
2884	b8b866f1f1b378c28747990430c9da20N.exe
2864	b8b866f1f1b378c28747990430c9da20N.exe
2260	b8b866f1f1b378c28747990430c9da20N.exe
3028	b8b866f1f1b378c28747990430c9da20N.exe
1040	b8b866f1f1b378c28747990430c9da20N.exe
1812	b8b866f1f1b378c28747990430c9da20N.exe
1992	b8b866f1f1b378c28747990430c9da20N.exe
1640	b8b866f1f1b378c28747990430c9da20N.exe
1640	b8b866f1f1b378c28747990430c9da20N.exe
844	b8b866f1f1b378c28747990430c9da20N.exe
844	b8b866f1f1b378c28747990430c9da20N.exe
1980	b8b866f1f1b378c28747990430c9da20N.exe
1980	b8b866f1f1b378c28747990430c9da20N.exe
1532	b8b866f1f1b378c28747990430c9da20N.exe
1532	b8b866f1f1b378c28747990430c9da20N.exe
3040	b8b866f1f1b378c28747990430c9da20N.exe
3040	b8b866f1f1b378c28747990430c9da20N.exe
1788	b8b866f1f1b378c28747990430c9da20N.exe
1788	b8b866f1f1b378c28747990430c9da20N.exe
1476	b8b866f1f1b378c28747990430c9da20N.exe
1476	b8b866f1f1b378c28747990430c9da20N.exe
3032	b8b866f1f1b378c28747990430c9da20N.exe
3032	b8b866f1f1b378c28747990430c9da20N.exe
1208	b8b866f1f1b378c28747990430c9da20N.exe
1208	b8b866f1f1b378c28747990430c9da20N.exe
1740	b8b866f1f1b378c28747990430c9da20N.exe
1740	b8b866f1f1b378c28747990430c9da20N.exe
1780	b8b866f1f1b378c28747990430c9da20N.exe
1780	b8b866f1f1b378c28747990430c9da20N.exe
448	b8b866f1f1b378c28747990430c9da20N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 3060	2660	b8b866f1f1b378c28747990430c9da20N.exe	30
PID 2660 wrote to memory of 3060	2660	b8b866f1f1b378c28747990430c9da20N.exe	30
PID 2660 wrote to memory of 3060	2660	b8b866f1f1b378c28747990430c9da20N.exe	30
PID 2660 wrote to memory of 3060	2660	b8b866f1f1b378c28747990430c9da20N.exe	30
PID 3060 wrote to memory of 448	3060	b8b866f1f1b378c28747990430c9da20N.exe	31
PID 3060 wrote to memory of 448	3060	b8b866f1f1b378c28747990430c9da20N.exe	31
PID 3060 wrote to memory of 448	3060	b8b866f1f1b378c28747990430c9da20N.exe	31
PID 3060 wrote to memory of 448	3060	b8b866f1f1b378c28747990430c9da20N.exe	31
PID 2660 wrote to memory of 1944	2660	b8b866f1f1b378c28747990430c9da20N.exe	32
PID 2660 wrote to memory of 1944	2660	b8b866f1f1b378c28747990430c9da20N.exe	32
PID 2660 wrote to memory of 1944	2660	b8b866f1f1b378c28747990430c9da20N.exe	32
PID 2660 wrote to memory of 1944	2660	b8b866f1f1b378c28747990430c9da20N.exe	32
PID 448 wrote to memory of 1640	448	b8b866f1f1b378c28747990430c9da20N.exe	33
PID 448 wrote to memory of 1640	448	b8b866f1f1b378c28747990430c9da20N.exe	33
PID 448 wrote to memory of 1640	448	b8b866f1f1b378c28747990430c9da20N.exe	33
PID 448 wrote to memory of 1640	448	b8b866f1f1b378c28747990430c9da20N.exe	33
PID 1944 wrote to memory of 1040	1944	b8b866f1f1b378c28747990430c9da20N.exe	34
PID 1944 wrote to memory of 1040	1944	b8b866f1f1b378c28747990430c9da20N.exe	34
PID 1944 wrote to memory of 1040	1944	b8b866f1f1b378c28747990430c9da20N.exe	34
PID 1944 wrote to memory of 1040	1944	b8b866f1f1b378c28747990430c9da20N.exe	34
PID 3060 wrote to memory of 1208	3060	b8b866f1f1b378c28747990430c9da20N.exe	35
PID 3060 wrote to memory of 1208	3060	b8b866f1f1b378c28747990430c9da20N.exe	35
PID 3060 wrote to memory of 1208	3060	b8b866f1f1b378c28747990430c9da20N.exe	35
PID 3060 wrote to memory of 1208	3060	b8b866f1f1b378c28747990430c9da20N.exe	35
PID 2660 wrote to memory of 2400	2660	b8b866f1f1b378c28747990430c9da20N.exe	36
PID 2660 wrote to memory of 2400	2660	b8b866f1f1b378c28747990430c9da20N.exe	36
PID 2660 wrote to memory of 2400	2660	b8b866f1f1b378c28747990430c9da20N.exe	36
PID 2660 wrote to memory of 2400	2660	b8b866f1f1b378c28747990430c9da20N.exe	36
PID 1640 wrote to memory of 2864	1640	b8b866f1f1b378c28747990430c9da20N.exe	37
PID 1640 wrote to memory of 2864	1640	b8b866f1f1b378c28747990430c9da20N.exe	37
PID 1640 wrote to memory of 2864	1640	b8b866f1f1b378c28747990430c9da20N.exe	37
PID 1640 wrote to memory of 2864	1640	b8b866f1f1b378c28747990430c9da20N.exe	37
PID 1040 wrote to memory of 2884	1040	b8b866f1f1b378c28747990430c9da20N.exe	38
PID 1040 wrote to memory of 2884	1040	b8b866f1f1b378c28747990430c9da20N.exe	38
PID 1040 wrote to memory of 2884	1040	b8b866f1f1b378c28747990430c9da20N.exe	38
PID 1040 wrote to memory of 2884	1040	b8b866f1f1b378c28747990430c9da20N.exe	38
PID 1208 wrote to memory of 1992	1208	b8b866f1f1b378c28747990430c9da20N.exe	39
PID 1208 wrote to memory of 1992	1208	b8b866f1f1b378c28747990430c9da20N.exe	39
PID 1208 wrote to memory of 1992	1208	b8b866f1f1b378c28747990430c9da20N.exe	39
PID 1208 wrote to memory of 1992	1208	b8b866f1f1b378c28747990430c9da20N.exe	39
PID 448 wrote to memory of 1980	448	b8b866f1f1b378c28747990430c9da20N.exe	40
PID 448 wrote to memory of 1980	448	b8b866f1f1b378c28747990430c9da20N.exe	40
PID 448 wrote to memory of 1980	448	b8b866f1f1b378c28747990430c9da20N.exe	40
PID 448 wrote to memory of 1980	448	b8b866f1f1b378c28747990430c9da20N.exe	40
PID 1944 wrote to memory of 1788	1944	b8b866f1f1b378c28747990430c9da20N.exe	41
PID 1944 wrote to memory of 1788	1944	b8b866f1f1b378c28747990430c9da20N.exe	41
PID 1944 wrote to memory of 1788	1944	b8b866f1f1b378c28747990430c9da20N.exe	41
PID 1944 wrote to memory of 1788	1944	b8b866f1f1b378c28747990430c9da20N.exe	41
PID 3060 wrote to memory of 1476	3060	b8b866f1f1b378c28747990430c9da20N.exe	42
PID 3060 wrote to memory of 1476	3060	b8b866f1f1b378c28747990430c9da20N.exe	42
PID 3060 wrote to memory of 1476	3060	b8b866f1f1b378c28747990430c9da20N.exe	42
PID 3060 wrote to memory of 1476	3060	b8b866f1f1b378c28747990430c9da20N.exe	42
PID 2400 wrote to memory of 2452	2400	b8b866f1f1b378c28747990430c9da20N.exe	43
PID 2400 wrote to memory of 2452	2400	b8b866f1f1b378c28747990430c9da20N.exe	43
PID 2400 wrote to memory of 2452	2400	b8b866f1f1b378c28747990430c9da20N.exe	43
PID 2400 wrote to memory of 2452	2400	b8b866f1f1b378c28747990430c9da20N.exe	43
PID 2660 wrote to memory of 2164	2660	b8b866f1f1b378c28747990430c9da20N.exe	44
PID 2660 wrote to memory of 2164	2660	b8b866f1f1b378c28747990430c9da20N.exe	44
PID 2660 wrote to memory of 2164	2660	b8b866f1f1b378c28747990430c9da20N.exe	44
PID 2660 wrote to memory of 2164	2660	b8b866f1f1b378c28747990430c9da20N.exe	44
PID 2864 wrote to memory of 2188	2864	b8b866f1f1b378c28747990430c9da20N.exe	45
PID 2864 wrote to memory of 2188	2864	b8b866f1f1b378c28747990430c9da20N.exe	45
PID 2864 wrote to memory of 2188	2864	b8b866f1f1b378c28747990430c9da20N.exe	45
PID 2864 wrote to memory of 2188	2864	b8b866f1f1b378c28747990430c9da20N.exe	45

C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
"C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
  "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3060
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        9⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        10⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        9⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        10⤵
        
        PID:19328
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        9⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        9⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        9⤵
        
        PID:17696
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        9⤵
        
        PID:19376
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:14276
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        9⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:15604
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:14068
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        9⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:19320
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:14236
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:21996
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:19312
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:18620
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14244
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        9⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:16032
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:15384
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:19724
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14424
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:19732
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:16064
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        9⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:15652
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:20032
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:14564
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:19384
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:16188
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:20172
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:17000
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:21988
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:10236
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:21792
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14344
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:21928
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:14432
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:19804
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14116
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:18612
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14680
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:22112
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:15564
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:13600
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:22164
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:22040
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:16892
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14704
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:9012
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:14392
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:20352
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:17088
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:16976
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:16080
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:13632
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:19764
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:14616
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:15596
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14472
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:21852
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14060
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:20048
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14308
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:8980
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14584
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:14916
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14624
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:10480
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14768
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:21784
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:15500
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14172
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:14496
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:16120
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:16904
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:9588
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:19748
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:22004
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:17340
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:9452
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:15472
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:21768
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:15552
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14744
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:22152
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:15152
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14148
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:9428
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:20144
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:21800
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14012
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14728
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:23072
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:14076
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:21104
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14292
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14332
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:9044
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:14384
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:19336
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:15432
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:14632
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:11976
- C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
  "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1944
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        9⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:19708
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:14600
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:21880
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:20152
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:22104
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:14752
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:19796
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:19368
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:15424
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:14180
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:17036
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:20024
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14352
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:14284
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:23380
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:15588
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:22024
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14124
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:16128
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:20136
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:15628
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:14052
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:15536
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:17076
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:15580
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14504
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:21712
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:15516
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        8⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:20040
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:16984
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:15620
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:21760
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14480
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:17124
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:17112
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:18760
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:19352
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14252
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:15452
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:21980
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:15824
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:1120
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:22048
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:21872
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:21724
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14300
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:19360
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:15392
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14140
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:9412
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:19756
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:20160
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:15768
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:14204
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:11076
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:23124
- C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
  "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2400
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:15376
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:22088
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14092
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:16236
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14576
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:8988
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14592
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        7⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:17364
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:17064
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:15676
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:21808
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:16096
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14188
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:9004
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:14368
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:19296
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14196
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:15464
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:21776
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:15408
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:16992
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:15636
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:15644
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:22032
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:19788
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:19344
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:16104
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:14696
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:11996
- C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
  "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2164
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:19716
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:816
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14268
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:15340
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:16684
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:11940
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        6⤵
        
        PID:20128
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14100
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:14260
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:10212
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:15720
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:22756
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:10724
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:19780
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:21752
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:15668
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:9420
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:19740
- C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
  "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
  2⤵
  PID:1924
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:15444
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:8128
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:14360
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:9348
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:16088
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:11704
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:22016
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:13920
- C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
  "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
  2⤵
  PID:1512
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
        5⤵
        
        PID:21112
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:10276
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:15744
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:16136
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:8844
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:14408
- C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
  "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
  2⤵
  PID:4736
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:8344
  - - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
      "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
      4⤵
      PID:19772
- - C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b866f1f1b378c28747990430c9da20N.exe"
    3⤵
    PID:15572
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 372
  2⤵
  - Program crash
  PID:4832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\danish cumshot trambling voyeur hairy (Curtney).mpg.exe

Filesize
1.0MB

MD5
adc2d9a6b21cc14c3e5b13dc9bae86f5

SHA1
06f9ac50b9763f8a9ac46187bde2552454af7499

SHA256
312a146a3f318653dd26b3f708311e34c8c1a15b88349a7ed4400523ac52ead9

SHA512
9d685d78d06e7a84f4fd9a5668b3580357415312dc55578cbd71dd631256898e728a6f9426367f894ad7947ffd81ae4582ad43f52a0b78a289614995526c4187

Download Submit
C:\debug.txt

Filesize
183B

MD5
b4874321ba6e06fb9abf6bd17a813db0

SHA1
0aaa48d1ee9ea2221769841f6cf5c9898eeafbb5

SHA256
f4c3fd9ff815f2136c20487c642d79c76df1acdc18097264cbf2be47efcb4b12

SHA512
7bdc692431cbf6636840ec380fb8f0c72047db0b0f13e111069ee3413b0d8655751bc79cfdf236c52107db952a47dd3d3b10d0c6554f9a8c137f543ea4952bf6

Download Submit