c97b22577a103e110eb72c4b912d24887e9a64fed201f195bc3b79715b154e40

Analysis

max time kernel
28s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 08:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

86f6141baaf887beab06ff9af9e78840N.exe
Size

1.2MB
MD5

86f6141baaf887beab06ff9af9e78840
SHA1

c0020b1b24b5c9c2f0f193ee50d6650ba98d9f51
SHA256

c97b22577a103e110eb72c4b912d24887e9a64fed201f195bc3b79715b154e40
SHA512

2339e11c38a33ab51367b8ce313c6dbe29f18ebc6fd0aec33deca84af99588b3a228606d0f44e76f261015db009f03b06bee2a1cf4b2b023dee013eeeba88af9
SSDEEP

24576:2wLSWpERIR/BsXFgFKbVruk9oxUMaj4tOUUPLRwoATe4CT+udu1rvA0vb2sQgB:h5KRIt41bIrxUMa2+dwoAESudu1r40y2

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	86f6141baaf887beab06ff9af9e78840N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\M:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\V:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\W:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\X:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\I:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\G:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\K:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\P:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\Q:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\U:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\Y:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\A:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\L:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\N:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\R:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\S:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\T:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\Z:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\H:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\E:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\O:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\B:	86f6141baaf887beab06ff9af9e78840N.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\shared\swedish action lesbian several models .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\japanese handjob hardcore sleeping leather .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie girls cock circumcision .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SysWOW64\FxsTmp\hardcore public .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian cumshot beast sleeping mistress (Ashley,Liz).mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian kicking sperm [milf] (Tatjana).rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\System32\DriverStore\Temp\american cumshot horse hot (!) (Tatjana).zip.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SysWOW64\FxsTmp\chinese lingerie hidden titts (Britney,Sylvia).mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\russian gang bang bukkake public feet .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SysWOW64\IME\shared\trambling licking gorgeoushorny .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\lingerie hidden redhair .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\fucking catfight ejaculation .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\swedish kicking xxx public hole pregnant (Liz).avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files\DVD Maker\Shared\indian handjob lesbian [free] hole bedroom (Jade).rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\lesbian several models feet .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Google\Temp\beast hot (!) .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\russian cum lesbian girls (Samantha).avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\sperm uncut .zip.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\sperm catfight fishy .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\sperm voyeur .zip.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\indian fetish hardcore hidden wifey .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files\Windows Journal\Templates\american porn hardcore [milf] .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian gang bang sperm hidden glans granny (Sarah).mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Google\Update\Download\gay lesbian (Tatjana).mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\italian animal blowjob [free] (Samantha).zip.exe	86f6141baaf887beab06ff9af9e78840N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\fetish hardcore big feet femdom (Sylvia).mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\beastiality bukkake uncut cock traffic .rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\beast uncut titts latex (Curtney).zip.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\xxx several models .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\danish porn sperm licking (Sarah).rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\russian handjob fucking lesbian sweet (Britney,Tatjana).zip.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\security\templates\tyrkish nude hardcore [free] feet (Jenna,Janette).mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\french blowjob lesbian penetration .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\fetish lingerie catfight feet .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\sperm sleeping glans .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\lingerie hot (!) shoes (Ashley,Curtney).rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\spanish xxx girls beautyfull .zip.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\lingerie several models shower (Anniston,Janette).avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\fucking full movie glans swallow .rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\italian cum trambling [free] ejaculation .rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\Downloaded Program Files\black gang bang beast lesbian feet (Christine,Sylvia).mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\animal hardcore several models hole upskirt .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\fucking [milf] cock (Gina,Melissa).rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\malaysia hardcore voyeur ìï (Sonja,Sylvia).rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\tyrkish fetish fucking uncut feet leather .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\InstallTemp\spanish xxx licking glans .zip.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\xxx public feet YEâPSè& .rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\action xxx girls ejaculation .zip.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\trambling sleeping feet .rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\tyrkish porn trambling several models glans hotel .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\canadian gay licking cock shoes .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\brasilian nude blowjob [free] feet traffic .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\gang bang horse sleeping .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\handjob horse big hole .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\asian trambling catfight cock .rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\japanese porn fucking hot (!) glans fishy .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\american porn lesbian [bangbus] titts .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\hardcore lesbian redhair .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\italian animal lesbian catfight Ôë .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\gay uncut hotel .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\japanese beastiality lesbian catfight .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\russian handjob trambling hot (!) (Karin).zip.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\brasilian horse trambling [bangbus] traffic .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\chinese gay hidden .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\asian hardcore uncut .rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\black handjob blowjob several models leather .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\xxx girls (Tatjana).zip.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\british lingerie full movie shower .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\french lingerie public girly .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\hardcore girls cock castration .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\african fucking [milf] .rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\handjob trambling masturbation glans redhair .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\action horse uncut penetration .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\italian gang bang xxx hot (!) titts mature .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\russian fetish lingerie uncut shoes .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\hardcore several models .rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\canadian trambling uncut glans .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\mssrv.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SoftwareDistribution\Download\black handjob xxx several models hole .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\horse trambling several models stockings .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\tyrkish kicking xxx [milf] redhair .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\assembly\temp\danish action blowjob hidden titts .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\horse bukkake hot (!) cock (Britney,Tatjana).mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\french fucking hot (!) traffic .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\beastiality fucking licking glans fishy .zip.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\tyrkish fetish hardcore uncut ash .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\PLA\Templates\brasilian horse horse big leather .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\tyrkish nude blowjob girls cock .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\african gay masturbation latex .zip.exe	86f6141baaf887beab06ff9af9e78840N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2176	86f6141baaf887beab06ff9af9e78840N.exe
2540	86f6141baaf887beab06ff9af9e78840N.exe
2176	86f6141baaf887beab06ff9af9e78840N.exe
2748	86f6141baaf887beab06ff9af9e78840N.exe
2616	86f6141baaf887beab06ff9af9e78840N.exe
2540	86f6141baaf887beab06ff9af9e78840N.exe
2176	86f6141baaf887beab06ff9af9e78840N.exe
292	86f6141baaf887beab06ff9af9e78840N.exe
1700	86f6141baaf887beab06ff9af9e78840N.exe
888	86f6141baaf887beab06ff9af9e78840N.exe
2748	86f6141baaf887beab06ff9af9e78840N.exe
492	86f6141baaf887beab06ff9af9e78840N.exe
2540	86f6141baaf887beab06ff9af9e78840N.exe
2616	86f6141baaf887beab06ff9af9e78840N.exe
2176	86f6141baaf887beab06ff9af9e78840N.exe
480	86f6141baaf887beab06ff9af9e78840N.exe
2504	86f6141baaf887beab06ff9af9e78840N.exe
980	86f6141baaf887beab06ff9af9e78840N.exe
292	86f6141baaf887beab06ff9af9e78840N.exe
2748	86f6141baaf887beab06ff9af9e78840N.exe
316	86f6141baaf887beab06ff9af9e78840N.exe
2428	86f6141baaf887beab06ff9af9e78840N.exe
1700	86f6141baaf887beab06ff9af9e78840N.exe
1052	86f6141baaf887beab06ff9af9e78840N.exe
888	86f6141baaf887beab06ff9af9e78840N.exe
352	86f6141baaf887beab06ff9af9e78840N.exe
2540	86f6141baaf887beab06ff9af9e78840N.exe
1636	86f6141baaf887beab06ff9af9e78840N.exe
492	86f6141baaf887beab06ff9af9e78840N.exe
2616	86f6141baaf887beab06ff9af9e78840N.exe
2176	86f6141baaf887beab06ff9af9e78840N.exe
2436	86f6141baaf887beab06ff9af9e78840N.exe
2092	86f6141baaf887beab06ff9af9e78840N.exe
2504	86f6141baaf887beab06ff9af9e78840N.exe
1196	86f6141baaf887beab06ff9af9e78840N.exe
480	86f6141baaf887beab06ff9af9e78840N.exe
2332	86f6141baaf887beab06ff9af9e78840N.exe
2404	86f6141baaf887beab06ff9af9e78840N.exe
1844	86f6141baaf887beab06ff9af9e78840N.exe
292	86f6141baaf887beab06ff9af9e78840N.exe
980	86f6141baaf887beab06ff9af9e78840N.exe
316	86f6141baaf887beab06ff9af9e78840N.exe
2748	86f6141baaf887beab06ff9af9e78840N.exe
1904	86f6141baaf887beab06ff9af9e78840N.exe
1700	86f6141baaf887beab06ff9af9e78840N.exe
888	86f6141baaf887beab06ff9af9e78840N.exe
952	86f6141baaf887beab06ff9af9e78840N.exe
1924	86f6141baaf887beab06ff9af9e78840N.exe
1924	86f6141baaf887beab06ff9af9e78840N.exe
696	86f6141baaf887beab06ff9af9e78840N.exe
696	86f6141baaf887beab06ff9af9e78840N.exe
968	86f6141baaf887beab06ff9af9e78840N.exe
968	86f6141baaf887beab06ff9af9e78840N.exe
944	86f6141baaf887beab06ff9af9e78840N.exe
944	86f6141baaf887beab06ff9af9e78840N.exe
2540	86f6141baaf887beab06ff9af9e78840N.exe
2540	86f6141baaf887beab06ff9af9e78840N.exe
2616	86f6141baaf887beab06ff9af9e78840N.exe
2616	86f6141baaf887beab06ff9af9e78840N.exe
492	86f6141baaf887beab06ff9af9e78840N.exe
1708	86f6141baaf887beab06ff9af9e78840N.exe
1708	86f6141baaf887beab06ff9af9e78840N.exe
492	86f6141baaf887beab06ff9af9e78840N.exe
2172	86f6141baaf887beab06ff9af9e78840N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2540	2176	86f6141baaf887beab06ff9af9e78840N.exe	31
PID 2176 wrote to memory of 2540	2176	86f6141baaf887beab06ff9af9e78840N.exe	31
PID 2176 wrote to memory of 2540	2176	86f6141baaf887beab06ff9af9e78840N.exe	31
PID 2176 wrote to memory of 2540	2176	86f6141baaf887beab06ff9af9e78840N.exe	31
PID 2540 wrote to memory of 2748	2540	86f6141baaf887beab06ff9af9e78840N.exe	32
PID 2540 wrote to memory of 2748	2540	86f6141baaf887beab06ff9af9e78840N.exe	32
PID 2540 wrote to memory of 2748	2540	86f6141baaf887beab06ff9af9e78840N.exe	32
PID 2540 wrote to memory of 2748	2540	86f6141baaf887beab06ff9af9e78840N.exe	32
PID 2176 wrote to memory of 2616	2176	86f6141baaf887beab06ff9af9e78840N.exe	33
PID 2176 wrote to memory of 2616	2176	86f6141baaf887beab06ff9af9e78840N.exe	33
PID 2176 wrote to memory of 2616	2176	86f6141baaf887beab06ff9af9e78840N.exe	33
PID 2176 wrote to memory of 2616	2176	86f6141baaf887beab06ff9af9e78840N.exe	33
PID 2748 wrote to memory of 292	2748	86f6141baaf887beab06ff9af9e78840N.exe	34
PID 2748 wrote to memory of 292	2748	86f6141baaf887beab06ff9af9e78840N.exe	34
PID 2748 wrote to memory of 292	2748	86f6141baaf887beab06ff9af9e78840N.exe	34
PID 2748 wrote to memory of 292	2748	86f6141baaf887beab06ff9af9e78840N.exe	34
PID 2540 wrote to memory of 1700	2540	86f6141baaf887beab06ff9af9e78840N.exe	35
PID 2540 wrote to memory of 1700	2540	86f6141baaf887beab06ff9af9e78840N.exe	35
PID 2540 wrote to memory of 1700	2540	86f6141baaf887beab06ff9af9e78840N.exe	35
PID 2540 wrote to memory of 1700	2540	86f6141baaf887beab06ff9af9e78840N.exe	35
PID 2616 wrote to memory of 888	2616	86f6141baaf887beab06ff9af9e78840N.exe	36
PID 2616 wrote to memory of 888	2616	86f6141baaf887beab06ff9af9e78840N.exe	36
PID 2616 wrote to memory of 888	2616	86f6141baaf887beab06ff9af9e78840N.exe	36
PID 2616 wrote to memory of 888	2616	86f6141baaf887beab06ff9af9e78840N.exe	36
PID 2176 wrote to memory of 492	2176	86f6141baaf887beab06ff9af9e78840N.exe	37
PID 2176 wrote to memory of 492	2176	86f6141baaf887beab06ff9af9e78840N.exe	37
PID 2176 wrote to memory of 492	2176	86f6141baaf887beab06ff9af9e78840N.exe	37
PID 2176 wrote to memory of 492	2176	86f6141baaf887beab06ff9af9e78840N.exe	37
PID 292 wrote to memory of 480	292	86f6141baaf887beab06ff9af9e78840N.exe	38
PID 292 wrote to memory of 480	292	86f6141baaf887beab06ff9af9e78840N.exe	38
PID 292 wrote to memory of 480	292	86f6141baaf887beab06ff9af9e78840N.exe	38
PID 292 wrote to memory of 480	292	86f6141baaf887beab06ff9af9e78840N.exe	38
PID 2748 wrote to memory of 2504	2748	86f6141baaf887beab06ff9af9e78840N.exe	39
PID 2748 wrote to memory of 2504	2748	86f6141baaf887beab06ff9af9e78840N.exe	39
PID 2748 wrote to memory of 2504	2748	86f6141baaf887beab06ff9af9e78840N.exe	39
PID 2748 wrote to memory of 2504	2748	86f6141baaf887beab06ff9af9e78840N.exe	39
PID 1700 wrote to memory of 980	1700	86f6141baaf887beab06ff9af9e78840N.exe	40
PID 1700 wrote to memory of 980	1700	86f6141baaf887beab06ff9af9e78840N.exe	40
PID 1700 wrote to memory of 980	1700	86f6141baaf887beab06ff9af9e78840N.exe	40
PID 1700 wrote to memory of 980	1700	86f6141baaf887beab06ff9af9e78840N.exe	40
PID 888 wrote to memory of 316	888	86f6141baaf887beab06ff9af9e78840N.exe	41
PID 888 wrote to memory of 316	888	86f6141baaf887beab06ff9af9e78840N.exe	41
PID 888 wrote to memory of 316	888	86f6141baaf887beab06ff9af9e78840N.exe	41
PID 888 wrote to memory of 316	888	86f6141baaf887beab06ff9af9e78840N.exe	41
PID 2540 wrote to memory of 2428	2540	86f6141baaf887beab06ff9af9e78840N.exe	42
PID 2540 wrote to memory of 2428	2540	86f6141baaf887beab06ff9af9e78840N.exe	42
PID 2540 wrote to memory of 2428	2540	86f6141baaf887beab06ff9af9e78840N.exe	42
PID 2540 wrote to memory of 2428	2540	86f6141baaf887beab06ff9af9e78840N.exe	42
PID 492 wrote to memory of 352	492	86f6141baaf887beab06ff9af9e78840N.exe	43
PID 492 wrote to memory of 352	492	86f6141baaf887beab06ff9af9e78840N.exe	43
PID 492 wrote to memory of 352	492	86f6141baaf887beab06ff9af9e78840N.exe	43
PID 492 wrote to memory of 352	492	86f6141baaf887beab06ff9af9e78840N.exe	43
PID 2616 wrote to memory of 1052	2616	86f6141baaf887beab06ff9af9e78840N.exe	44
PID 2616 wrote to memory of 1052	2616	86f6141baaf887beab06ff9af9e78840N.exe	44
PID 2616 wrote to memory of 1052	2616	86f6141baaf887beab06ff9af9e78840N.exe	44
PID 2616 wrote to memory of 1052	2616	86f6141baaf887beab06ff9af9e78840N.exe	44
PID 2176 wrote to memory of 1636	2176	86f6141baaf887beab06ff9af9e78840N.exe	45
PID 2176 wrote to memory of 1636	2176	86f6141baaf887beab06ff9af9e78840N.exe	45
PID 2176 wrote to memory of 1636	2176	86f6141baaf887beab06ff9af9e78840N.exe	45
PID 2176 wrote to memory of 1636	2176	86f6141baaf887beab06ff9af9e78840N.exe	45
PID 2504 wrote to memory of 2436	2504	86f6141baaf887beab06ff9af9e78840N.exe	46
PID 2504 wrote to memory of 2436	2504	86f6141baaf887beab06ff9af9e78840N.exe	46
PID 2504 wrote to memory of 2436	2504	86f6141baaf887beab06ff9af9e78840N.exe	46
PID 2504 wrote to memory of 2436	2504	86f6141baaf887beab06ff9af9e78840N.exe	46

C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
"C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2540
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:292
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:480
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        9⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        10⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        9⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        9⤵
        
        PID:17284
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        9⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        9⤵
        
        PID:16100
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:13384
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        9⤵
        
        PID:16456
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:17188
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:15324
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:16568
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:18340
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        9⤵
        
        PID:16108
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:11344
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:11328
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16560
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:16416
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:16536
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:16496
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:17424
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12040
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        9⤵
        
        PID:17940
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:16624
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:16440
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:18256
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:10996
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11020
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11136
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:14880
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:17416
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:17972
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16472
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16336
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:16504
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11768
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:17956
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11724
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16520
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:11748
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:980
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:17948
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:11708
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:18360
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:12008
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:17844
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:17728
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:16448
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11512
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11164
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:16488
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16272
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11668
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16464
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11944
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16132
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11732
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16148
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:11992
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16296
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12056
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11060
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12048
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16140
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:8932
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:11180
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:18068
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11984
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11968
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16408
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:9536
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:1388
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12072
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:8840
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:17304
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7100
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:12296
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:8396
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:16240
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:8684
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:17204
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:888
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        9⤵
        
        PID:16328
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:11336
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:16424
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:11204
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16156
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16512
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11952
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11716
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:17404
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:17196
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:17964
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11976
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11260
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16400
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:10980
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:608
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16352
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11928
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11700
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:17292
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7116
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:12244
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:968
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16092
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11376
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:17252
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:9512
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:6744
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16172
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:11100
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16124
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:11144
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:4788
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:7840
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:11960
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:492
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:352
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:11076
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:17748
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12080
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11312
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16528
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:6876
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:11116
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:696
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16312
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11692
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12064
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16552
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:9244
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:4172
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12088
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16084
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:11012
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16544
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:12032
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:2756
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:9280
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:1752
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1636
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:14712
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:17212
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:12532
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16164
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16368
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:14584
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:8816
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:11280
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:7072
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:11888
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:944
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11036
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:10968
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7556
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:13408
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:16116
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:11084
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  PID:3128
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:11052
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:7240
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:12000
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  PID:4380
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:7860
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:12196
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  PID:6784
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:16480
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  PID:9488
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  PID:18388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\russian gang bang sperm hidden glans granny (Sarah).mpg.exe

Filesize
1.2MB

MD5
d9af9237c370e8415ab99ca76c7256e6

SHA1
0d6b7a163d8f6b09660ab8b3ce0e3b6d6e9c9391

SHA256
2dcdaf5196d2de137b3e42c9f33f5dc2a673ca079af86da840a486118fd9d9ca

SHA512
c0e26cf3cbd0166b40ae9bc9def1cde50b6939d2a92b21dd9488df05bbb40f58177ca2de924316f7e7275e4e75f370036c8621a4022733fce08680e513d516cd

Download Submit
C:\debug.txt

Filesize
183B

MD5
07a921fb61777237bc2c4fd23212f2c9

SHA1
53bed930b17c3b19900a88fdb724bd96a6d60c2c

SHA256
cb7f603027d1453b87932aa96424c9b5f57bad0080dfdd2a49772ee6d9b7a8c1

SHA512
4007a63dea38a7224d277d9f345d3deedb69197e6aa7646c816429398b53db8e2d65be1cde0240bc17af501e231e1eaee9e4d71acb2198dc0f4b38a2927dd88c

Download Submit